You may have read my other post on using the SID/GUID alternate formats for DNs for queries and my post last year on using alternate DN formats for binding and searching as well… Here is something else I recently learned that I thought was interesting.
There are actually more alternate DN formats…
All of these formats can be used for the bind string…
http://msdn.microsoft.com/en-us/library/ms676245(VS.85).aspx
Dmitri posted them to AD Org as such
ACTIVE DIRECTORY FORMATS
DS_FQDN_1779_NAME,
DS_USER_PRINCIPAL_NAME,
DS_NT4_ACCOUNT_NAME,
DS_CANONICAL_NAME,
DS_UNIQUE_ID_NAME,
DS_DISPLAY_NAME,
DS_SERVICE_PRINCIPAL_NAME,
DS_SID_OR_SID_HISTORY_NAME,
DS_CANONICAL_NAME_EX
and
ADAM FORMATS
DS_FQDN_1779_NAME,
DS_CANONICAL_NAME,
DS_UNIQUE_ID_NAME,
DS_DISPLAY_NAME,
DS_SERVICE_PRINCIPAL_NAME,
DS_SID_OR_SID_HISTORY_NAME,
DS_CANONICAL_NAME_EX,
DS_USER_PRINCIPAL_NAME
So yes… You can even use displayName as the bind DN string, but man, I would recommend being careful there, because there is NOTHING enforcing uniqueness on it, and obviously if AD can't uniquely identify the bind DN, it won't let you authenticate with it.
joe
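The uniqueness caveat above, as an added example (not code from the original post or from Microsoft): a small Python model that indexes constructed directory entries under four of the listed formats and refuses any bind string that maps to more than one object. The entries, the `EXAMPLE` NetBIOS name and the function names are assumptions, and the case-insensitive matching is a simplification of the rule the post states, not AD's actual resolver.

```python
from collections import defaultdict

# Constructed sample directory (not real data); attribute names follow the AD schema.
ENTRIES = [
    {"dn": "CN=Jane Smith,OU=Staff,DC=example,DC=com",
     "userPrincipalName": "jsmith@example.com",
     "sAMAccountName": "jsmith", "displayName": "Jane Smith"},
    {"dn": "CN=Jane Smith,OU=Contractors,DC=example,DC=com",
     "userPrincipalName": "jsmith2@example.com",
     "sAMAccountName": "jsmith2", "displayName": "Jane Smith"},
    {"dn": "CN=Bob Lee,OU=Staff,DC=example,DC=com",
     "userPrincipalName": "blee@example.com",
     "sAMAccountName": "blee", "displayName": "Bob Lee"},
]
NETBIOS_DOMAIN = "EXAMPLE"  # assumed NetBIOS domain name for DOMAIN\user strings


def candidate_names(entry):
    """Yield (format, normalised name) pairs under which an entry could be named."""
    yield "DS_FQDN_1779_NAME", entry["dn"].lower()
    yield "DS_USER_PRINCIPAL_NAME", entry["userPrincipalName"].lower()
    yield "DS_NT4_ACCOUNT_NAME", f"{NETBIOS_DOMAIN}\\{entry['sAMAccountName']}".lower()
    yield "DS_DISPLAY_NAME", entry["displayName"].lower()


def build_index(entries):
    """Map every candidate name to the (format, DN) pairs that carry it."""
    index = defaultdict(list)
    for e in entries:
        for fmt, name in candidate_names(e):
            index[name].append((fmt, e["dn"]))
    return index


def resolve_bind_name(name, index):
    """Return the single DN a bind string maps to, or None if missing or ambiguous."""
    dns = {dn for _, dn in index.get(name.strip().lower(), [])}
    return next(iter(dns)) if len(dns) == 1 else None


def ambiguous_names(index):
    """Names that map to more than one object, with the formats involved."""
    return {name: sorted(hits) for name, hits in index.items()
            if len({dn for _, dn in hits}) > 1}
```

Running `ambiguous_names` over an export of real accounts gives the list of display names that could never work as a bind string, which is the practical check before relying on that format.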
Good to know. Thanks for the read and info Joe!