I asked a question over on StackOverflow and was directed to ask a related one here to see if I could get any additional input. Basically, I am looking to have my application aware of what domain it's running under, if any at all. (I want to expose certain debugging facilities only in-house, and due to our deployment model it isn't possible to have a different build.) Since I am overly paranoid, I didn't want to just rely on the domain name to ensure we are in-house. As such, I noted that the DOMAIN_CONTROLLER_INFO returned from DsGetDcName has a GUID associated with it; however, I can find little if any information on it. I am assuming this GUID is generated at the time the first DC in a domain is created, and that it would live on for the life of the domain. Does anyone else have any inner knowledge and would be kind enough to confirm or deny my assumptions?
As per Active Directory Naming Standard,
SID vs. GUID states
How Domain Rename Works states
On my domain, the only GUID attached to the domain object is "objectGUID". Object-Guid attribute has this to say about objectGUID:
Yep, I'd expect this is the objectGUID of the domain, which is a good unique identifier here.
In addition to what Mike said, in the generic case of, say, a user or a computer, you've got two identifiers there: the objectGUID and the SID (Security Identifier). Both are set at object creation; however, in the case of a forest with multiple domains, if you move the user/computer between domains, the GUID will stay intact but the SID will change.
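As an added example (not code from any of the posts above), this is one way the check discussed in this thread could look in C: call DsGetDcName and compare the returned DomainGuid with a value recorded in advance. The pinned GUID is a constructed sample, and `guid_matches_pinned` and `running_in_pinned_domain` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#include <lm.h>        /* NetApiBufferFree */
#include <dsgetdc.h>   /* DsGetDcName, DOMAIN_CONTROLLER_INFO */
#pragma comment(lib, "netapi32.lib")
#else
/* Same layout as the Win32 GUID so the comparison logic builds off Windows. */
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } GUID;
#endif

/* Constructed sample value: replace with the GUID recorded from your domain. */
static const GUID PINNED_DOMAIN_GUID =
    { 0x11111111, 0x2222, 0x3333, { 0x44,0x44,0x55,0x55,0x55,0x55,0x55,0x55 } };

/* Returns 1 only if g is non-zero and equals the pinned value. */
int guid_matches_pinned(const GUID *g)
{
    static const GUID zero = { 0, 0, 0, { 0 } };
    if (g == NULL || memcmp(g, &zero, sizeof zero) == 0)
        return 0;   /* DomainGuid is zero when the DC reports no domain GUID */
    return memcmp(g, &PINNED_DOMAIN_GUID, sizeof *g) == 0;
}

/* Returns 1 if this machine's domain reports the pinned GUID; 0 otherwise,
   including when the machine is not domain-joined or no DC can be located. */
int running_in_pinned_domain(void)
{
#ifdef _WIN32
    PDOMAIN_CONTROLLER_INFOA info = NULL;
    int ok = 0;
    if (DsGetDcNameA(NULL, NULL, NULL, NULL,
                     DS_DIRECTORY_SERVICE_REQUIRED, &info) == ERROR_SUCCESS) {
        ok = guid_matches_pinned(&info->DomainGuid);
        NetApiBufferFree(info);   /* buffer is allocated by DsGetDcName */
    }
    return ok;
#else
    return 0;   /* no Active Directory DC locator off Windows */
#endif
}

int main(void)
{
    puts(running_in_pinned_domain() ? "debug facilities enabled"
                                    : "debug facilities disabled");
    return 0;
}
```

The domain GUID is readable by any member of the domain, so this check identifies the domain rather than authenticating it; every failure path leaves the debugging facilities off.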