
about_ActiveDirectory_Identity



This is the built-in help made by Microsoft for the document 'about_ActiveDirectory_Identity', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-24.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


about_ActiveDirectory_Identity
TOPIC
Active Directory Object Identity

SHORT DESCRIPTION
Objects in the Active Directory module for Windows PowerShell have a
range of identifying attributes that are used for search and retrieval.

LONG DESCRIPTION
In order to identify the objects in Active Directory, each object has
attributes that can be used as identifiers. In the Active Directory
module, the value of the identity of an object can be passed using the
Identity parameter. Each object type has its own set of possible types
and values for use by the Identity parameter. See the detailed
description of the Identity parameter of the given cmdlet for more
information about its usage.

When searching with the Active Directory module cmdlets, the value of
the Identity parameter, along with the values of the Server and
Partition parameters, is used to uniquely identify a single object. The
Server parameter is used to locate which server to connect with. The
Partition parameter further narrows the search to a specific partition.
The Identity parameter then resolves to a single unique object in the
partition.

Note that when you use the Security Accounts Manager (SAM) Account Name
(sAMAccountName) with the Identity parameter while targeting a global
catalog port, you will not find a user in a different domain.
If more than one object is found using identity resolution, the Active
Directory module throws an error.

For more information about the Server and Partition parameters, see the
help topics for the individual cmdlets where they are used, such as
Get-ADUser, by typing:

get-help Get-ADUser


Objects and Identities
Each object has a list of attributes that can be used as an identity for
that object. Additionally, if the object inherits from another object,
then the parent object's identities can also be used as the child
object's identities. For more information on the Active Directory object
hierarchy, see about_ActiveDirectory_ObjectModel.

Note: For Active Directory Provider cmdlets, only an object's
'Distinguished Name' or 'Relative Distinguished Name' can be used as the
identity. For a list of Active Directory Provider cmdlets, see
ActiveDirectory.


Identity Attributes
The following is a list of identity attributes by object type.

ADAccount
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
SAM Account Name (sAMAccountName)

ADComputer
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
Security Accounts Manager Account Name (sAMAccountName)

ADDirectoryServer
Name of the server object (name)
    For AD LDS instances the syntax of a name is <computer-name>$<instance-name>
    For other Active Directory instances, use the value of the name property.
Distinguished Name of the NTDS Settings object
Distinguished Name of the server object that represents the directory server.
GUID (objectGUID) of server object under the configuration partition.
GUID (objectGUID) of NTDS settings object under the configuration partition

ADDomain
Distinguished Name
GUID
Security Identifier
DNS domain name
NetBIOS domain name

ADDomainController
GUID (objectGUID)
IPV4Address
Global IPV6Address
DNS Host Name (dNSHostName)
Name of the server object
Distinguished Name of the NTDS Settings object
Distinguished Name of the server object that represents the domain controller
GUID of NTDS settings object under the configuration partition
GUID of server object under the configuration partition
Distinguished Name of the computer object that represents the domain controller.

ADFineGrainedPasswordPolicy
Distinguished Name
GUID (objectGUID)
Name (name)

ADForest
Fully qualified domain name
DNS host name
NetBIOS name

ADGroup
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
Security Accounts Manager (SAM) Account Name (sAMAccountName)



ADObject
Distinguished Name
GUID (objectGUID)

ADOptionalFeature
Distinguished Name
Name (name)
Feature GUID (featureGUID)
GUID (objectGUID)

ADOrganizationalUnit
Distinguished Name
GUID (objectGUID)

ADPrincipal
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
SAM Account Name (sAMAccountName)

ADServiceAccount
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
SAM Account Name (sAMAccountName)

ADUser
Distinguished Name
GUID (objectGUID)
Security Identifier (objectSid)
SAM User Name (sAMUserName)


Identity Formats
Active Directory module objects have a range of identity attributes.
Below is a list of these, their types and formats.

Distinguished Name
Example: CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com

DNS domain name
Example: redmond.corp.contoso.com

DNS Host Name (dNSHostName)
Example: corp-DC01.corp.contoso.com

Feature GUID (featureGUID)
Example: 599c3d2e-f72d-4d20-8a88-030d99495f20

Fully qualified domain name
Example: corp.contoso.com

Global IPV6Address
Example: 2001:4898:0:fff:200:5efe:157.59.132.61

GUID (objectGUID)
Example: 599c3d2e-f72d-4d20-8a88-030d99495f20

IPV4Address
Example: 157.59.132.61

NetBIOS domain name
Example: redmond

Name of the server object
Example: corp-DC01$

SAM Account Name (sAMAccountName)
Example: saradavisreports

Security Identifier (objectSid)
Example: S-1-5-21-3165297888-301567370-576410423-1103

Name
Example: Recycle Bin Feature
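
The formats above can be told apart by syntax before a value is passed to the Identity parameter, which is useful for validating input in scripts. The following is an added example, not part of the Microsoft help text; Get-ADIdentityFormat is a hypothetical helper name, and the regular expressions are simplifications (escaped commas inside a Distinguished Name are not handled).

```powershell
# Added example: classify a string by the identity formats listed above.
# Get-ADIdentityFormat is a hypothetical helper, not an ActiveDirectory module cmdlet.
function Get-ADIdentityFormat {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Value
    )
    process {
        $v    = $Value.Trim()
        $guid = [guid]::Empty
        $ip   = $null
        # Most specific syntaxes are tested first; the final bucket is ambiguous by nature.
        $format = if ([guid]::TryParse($v, [ref]$guid)) {
            'GUID (objectGUID or featureGUID)'
        }
        elseif ($v -match '^S-1-\d+(-\d+)+$') {
            'Security Identifier (objectSid)'
        }
        elseif ($v -match '^[A-Za-z]+=[^,]+(,\s*[A-Za-z]+=[^,]+)*$') {
            # Simplified DN check: attribute=value pairs separated by commas.
            'Distinguished Name'
        }
        elseif (($v -match '^\d{1,3}(\.\d{1,3}){3}$' -or $v.Contains(':')) -and
                [ipaddress]::TryParse($v, [ref]$ip)) {
            if ($ip.AddressFamily -eq 'InterNetworkV6') { 'Global IPV6Address' } else { 'IPV4Address' }
        }
        elseif ($v -match '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
            'DNS name (domain name, host name or FQDN)'
        }
        else {
            'Name, NetBIOS name or SAM Account Name'
        }
        [pscustomobject]@{ Value = $v; Format = $format }
    }
}

# Sample inputs are the example values from the format list above.
$samples = @(
    'CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com'
    '599c3d2e-f72d-4d20-8a88-030d99495f20'
    'S-1-5-21-3165297888-301567370-576410423-1103'
    '2001:4898:0:fff:200:5efe:157.59.132.61'
    '157.59.132.61'
    'corp-DC01.corp.contoso.com'
    'saradavisreports'
)
$samples | Get-ADIdentityFormat | Format-Table -AutoSize
```

Names, NetBIOS names and SAM Account Names all fall into the last bucket because they cannot be distinguished by syntax alone.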


SEE ALSO
about_ActiveDirectory
about_ActiveDirectory_ObjectModel