What is the uSNCreated property in Active Directory? Is it unique?

active-directory uniqueidentifier

@sysadmin1138's answer is a little misleading. uSNCreated is not related to time; it is unique only on the DC. It is the DC's "highestCommittedUsn + 1" at the time of object creation. He is probably mixing it up with whenCreated, which is a 64-bit number representing the number of 100 nanosecond intervals since 12:00 am January 1, 1601...and also not necessarily unique. He is however correct that objectGuid, along with objectSid, are best used to track objects through attribute changes. Both are always set on all user objects and will never change w/o deleting and recreating the object...at which time all bets are off for tracking the object!


Why not use the value that Microsoft uses - the SID? This is stored as a binary in the objectSid attribute. Another benefit of this is that should your users be moved between domains in the future, the objectSid will be stored in sIDHistory so you can reconcile the changes.


That field is actually a sneaky date-time field and is not guaranteed to be unique. A better field for this is 'objectGUID'. That IS unique.

Related

Is it safe to remove all files in the /var/log when cleaning a server's history?
Upgrading apache without upgrading Ubuntu?
business-class fiber to the home [closed]
How to stop Subversion from prompting about: Server certificate verification failed: issuer is not trusted
How to determine how map drives are being mapped
How to identify if my website DNS is A-Record or CNAME?
How to diagnose repeated "Starting up database '<dbname>'"
File change on a LAMP development server not taken into account
vSphere NIC Teaming - Any reason for Active/Standby?
How to make PowerShell add a new line after executing a command?
What is causing email sent from my Google Apps account to bounce?
Why does Serverfault use Dynect Platform? And should I too?