A Windows ID (such as MyDomain\someuser) will have a unique SID (such as S-1-5-21-1695517229-881958489-217698969-1001).
The ID is used during login, which confirms that it too is unique in nature.
What's the purpose of the SID then?
Seems like a redundant primary key to me!
The key difference is that a Security Identifier (SID) is immutable, whereas both SAM Account Name (CONTOSO\USERNAME) and User Principal Name (UPN, [email protected]) can be changed.
In a Windows Active Directory domain a user might have permissions to resources across many servers and workstations. If all those permissions were bound to usernames, changing usernames would be impossible. As usernames typically are based on real names and people do get married etc., that would be quite impractical.
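The point made in the answer above can be checked on a test machine. This is an added example, not part of the original answer: it renames a throwaway local account and shows that the SID, and the access control entry stored under it, are unaffected. The account names `sid-demo-old` / `sid-demo-new` and the temp folder are constructed for the demo, and it assumes an elevated Windows PowerShell 5.1+ session.

```powershell
# Added example. Account names and folder are constructed for this demo.
$old = 'sid-demo-old'
$new = 'sid-demo-new'
$dir = Join-Path $env:TEMP 'sid-demo'

# Create a disabled throwaway local account and a folder to grant it access to.
$user = New-LocalUser -Name $old -NoPassword -Disabled
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# Grant Read by *name*. Windows resolves the name once and stores the SID in the ACE.
$ruleArgs = "$env:COMPUTERNAME\$old", 'Read', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
$acl = Get-Acl -Path $dir
$acl.AddAccessRule($rule)
Set-Acl -Path $dir -AclObject $acl

$sidBefore = $user.SID.Value

# Rename the account (the SAM account name changes, the SID does not).
Rename-LocalUser -SID $user.SID -NewName $new
$sidAfter = (Get-LocalUser -Name $new).SID.Value

"SID before rename: $sidBefore"
"SID after rename : $sidAfter"
"SID unchanged    : $($sidBefore -eq $sidAfter)"

# Read the folder's explicit ACEs back as raw SIDs, then translate the SID to
# its current name. The permission follows the account through the rename.
$sidType = [System.Security.Principal.SecurityIdentifier]
$aces = (Get-Acl -Path $dir).GetAccessRules($true, $false, $sidType)
foreach ($ace in $aces) {
    if ($ace.IdentityReference.Value -eq $sidBefore) {
        $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        "ACE stored for $($ace.IdentityReference.Value) now displays as $name ($($ace.FileSystemRights))"
    }
}

# Clean up the demo account and folder.
Remove-LocalUser -Name $new
Remove-Item -Path $dir -Recurse -Force
```

If the account were deleted instead of renamed, the ACE would remain on the folder as a bare SID that no longer resolves to a name, which is why orphaned SIDs in ACLs are worth auditing.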