I'm trying to uniquely identify objects in an Active Directory domain. The sAMAccountName or mail address can sadly change, and so can the objectSid. But I saw that there is an objectGUID as well.
I just wonder: Can this change for any reason, or can I assume this will never change?
The reason that I'm asking is that I'm referencing some AD objects from an application and need to come back weeks or months later and still get the object, but the application is unable to have any way to get notified of changes. So I need a value that never changes.
http://technet.microsoft.com/en-us/library/cc961625.aspx?ppud=4
To copy and paste: SIDs can sometimes change. The SID for a Group object won't change. The values of other object properties can change, but the Object-GUID never changes. When an object is assigned a GUID, it keeps that value for life.
If there is a GUID associated with it, it should never change, as GUID stands for Globally Unique Identifier.
The GUID shouldn't change if you leave the computer as a member of the domain and rename it, but as stated removing it from the domain and adding it back in a new object.
"When an object is assigned a GUID, it keeps that value for life."
Not sure how true this is. I tested this by adding a computer to an AD domain and recording the GUID. I then removed the computer from the domain, renamed it, and then added it back to the same domain. The GUID was different on the computer. I am curious if anyone else can verify this as well.
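For the use case in the question (store a reference now, look the object up again months later), here is an added example that is not from any of the posts above. It shows how an application can round-trip an objectGUID: decode the 16 raw bytes LDAP returns, store the string form, and later rebuild a search filter or a `<GUID=...>` search base from it. The entry dictionaries, account names and GUID values are constructed sample data, and `resolve` is a hypothetical helper standing in for a real LDAP search.

```python
import uuid
from typing import Dict, List, Optional

def guid_from_ad_bytes(raw: bytes) -> uuid.UUID:
    """Decode objectGUID as returned over LDAP: 16 bytes in the Windows GUID
    layout (first three fields little-endian), which is uuid's bytes_le."""
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return uuid.UUID(bytes_le=raw)

def ldap_filter_for_guid(guid: uuid.UUID) -> str:
    """Filter for the stored GUID; binary values are escaped byte by byte
    as \\XX (RFC 4515), in the same byte order the directory stores."""
    return "(objectGUID=" + "".join(f"\\{b:02X}" for b in guid.bytes_le) + ")"

def guid_search_base(guid: uuid.UUID) -> str:
    """Alternative DN form accepted by AD as a search base."""
    return f"<GUID={guid}>"

def resolve(stored: str, entries: List[Dict]) -> Optional[Dict]:
    """Hypothetical stand-in for an LDAP search: match on objectGUID only,
    never on name. None means the referenced object no longer exists."""
    wanted = uuid.UUID(stored).bytes_le
    return next((e for e in entries if e["objectGUID"] == wanted), None)

# Constructed sample data: raw attribute value as it would arrive from LDAP.
RAW = bytes.fromhex("33221100554477668899aabbccddeeff")
STORED = str(guid_from_ad_bytes(RAW))  # what the application persists

# Same object after a rename: name changed, objectGUID unchanged.
AFTER_RENAME = [{"sAMAccountName": "PC-NEWNAME$", "objectGUID": RAW}]
# A different object reusing the old name (constructed second GUID).
DIFFERENT_OBJECT = [{"sAMAccountName": "PC-OLDNAME$",
                     "objectGUID": bytes.fromhex("ffeeddccbbaa99887766554433221100")}]

if __name__ == "__main__":
    print(STORED)
    print(ldap_filter_for_guid(uuid.UUID(STORED)))
    print(guid_search_base(uuid.UUID(STORED)))
    print(resolve(STORED, AFTER_RENAME))
    print(resolve(STORED, DIFFERENT_OBJECT))
```

A `None` result is the signal the application should handle explicitly: the stored reference points at an object that is gone, even if another object now carries the same name.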