User Account Summary

A user account identifies a single user, such as an employee. Windows has the following types of user accounts:

Local: A local user account is created and stored on a local system and is not distributed to any other system.

  • Local user accounts are created with the Computer Management console.
  • The local Security Accounts Manager (SAM) manages the user account information.
  • Only local resources are accessible with local user accounts.

Domain: A domain user account is created and centrally managed through Active Directory.

  • Domain user accounts are created with Active Directory Users and Computers, command-line tools, or PowerShell.
  • Each domain user account has a unique security identifier (SID) that identifies the user. A user can log on to the domain from any computer that is a member of the domain and can access resources on that computer, or on other computers, for which the domain user account has permissions.
  • Domain user accounts have a variety of properties, such as user information, group membership, user profiles, and dial-in settings.
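The unique SID mentioned above is a structured value rather than an opaque string. The following Python is an added example (not part of the original summary) that parses a SID into its revision, identifier authority and sub-authorities, and checks whether an account SID was issued by a given domain by comparing everything except the final relative identifier (RID). All SID values in it are constructed, and the use of the S-1-5-21 prefix for domain and machine account SIDs goes beyond what the summary itself states.

```python
"""Parse Windows security identifiers (SIDs) and tell domain-issued account SIDs
from local or other ones. Added example; all SID values below are constructed."""
from dataclasses import dataclass
import re

# S-<revision>-<identifier authority>-<sub-authority>[-<sub-authority>...]
_SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

# Constructed sample domain SID (a domain SID carries no trailing RID).
SAMPLE_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"


@dataclass(frozen=True)
class Sid:
    revision: int
    identifier_authority: int
    sub_authorities: tuple[int, ...]

    @property
    def rid(self) -> int:
        """Relative identifier: the last sub-authority, unique within its issuer."""
        return self.sub_authorities[-1]

    @property
    def issuer(self) -> str:
        """The SID without its RID: identifies the domain or machine that issued it."""
        head = "-".join(str(s) for s in self.sub_authorities[:-1])
        return f"S-{self.revision}-{self.identifier_authority}" + (f"-{head}" if head else "")


def parse_sid(text: str) -> Sid:
    """Parse the textual SID form; raise ValueError for anything else."""
    m = _SID_RE.match(text)
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    subs = tuple(int(x) for x in m.group(3).lstrip("-").split("-"))
    return Sid(int(m.group(1)), int(m.group(2)), subs)


def classify(account_sid: str, domain_sid: str = SAMPLE_DOMAIN_SID) -> str:
    """Return 'domain' when the account SID was issued by domain_sid, 'local' when
    it is an S-1-5-21 account SID issued by some other machine or domain, and
    'other' for everything else (well-known SIDs such as S-1-5-18, LocalSystem,
    or a bare domain SID with no RID)."""
    sid = parse_sid(account_sid)
    is_account_sid = (sid.identifier_authority == 5
                      and sid.sub_authorities[:1] == (21,)
                      and len(sid.sub_authorities) >= 5)
    if not is_account_sid:
        return "other"
    return "domain" if sid.issuer == domain_sid else "local"


if __name__ == "__main__":
    for s in (SAMPLE_DOMAIN_SID + "-1105",
              "S-1-5-21-4444444444-5555555555-6666666666-1001",
              "S-1-5-18"):
        print(s, "->", classify(s), "RID", parse_sid(s).rid)
```

The comparison in `classify` is the mechanism behind the statement that a local account is usable only on the machine that created it: a local account's SID carries that machine's issuer prefix, so no domain controller recognises it as one of the domain's accounts.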

Active Directory uses the following name types to recognize each object:

User or Logon Name: The user or logon name is the name of the user account. It is typically a combination of the given name (first name) and surname (last name) of the user. For example, Andy Waters may have the logon name awaters.

It is best practice to set up a naming convention that identifies how duplicate names will be addressed.

User Principal Name (UPN): The User Principal Name (UPN) combines the user account name with the DNS domain name. For example, the account awaters in the westsim.com domain would have the UPN awaters@westsim.com.

  • The UPN format is also known as the SMTP address format.
  • The DNS domain name in the UPN is known as the UPN suffix.
  • By default, the domain that holds the user account is selected as the UPN suffix. However, you can configure UPN suffixes other than the domain name.
Distinguished Names: Distinguished names are the way Active Directory refers to objects. The distinguished name identifies the full path to an object, including the object name and all parent objects up to the root of the domain. The following identifiers are used in a distinguished name:

  • CN = common name
  • OU = organizational unit
  • DC = domain controller

Each component of the path is separated by a comma. The following is the distinguished name of a computer named Client1, in the OU named Desktops, in the OU named Sales, in the northsim.com domain:

CN=Client1,OU=Desktops,OU=Sales,DC=northsim,DC=com

If the object is in a container, the name contains the container name, also identified as CN=, in addition to the object's common name. For example, a user named awaters, in the Users container, in the northsim.com domain, has the distinguished name:

CN=awaters,CN=Users,DC=northsim,DC=com

Keep in mind the following about distinguished names:

  • Each object in Active Directory has a unique distinguished name.
  • If the name of any component contains a space, put a double quotation mark (") at the beginning and end of the name.

Relative Distinguished Name (RDN): The Relative Distinguished Name (RDN) identifies the object within its container. The RDN needs to be unique only within the object's container. In the example above, the RDN is CN=awaters.
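The naming rules in this section (logon name, UPN, distinguished name, RDN, and the quoting of components that contain spaces) can be exercised in code. The following Python is an added example, not part of the original summary: it generates a logon name with an assumed duplicate-handling convention (a numeric suffix), builds a UPN from an account name and suffix, assembles a DN from its components with the escaping LDAP requires, and splits a DN back into its RDNs so the RDN, the parent container and the DNS domain can be read off. The sample names are the ones used above; the duplicate convention and the escaping helper are assumptions beyond what the summary states.

```python
"""Build and take apart the Active Directory names described above: logon name,
UPN, distinguished name (DN) and relative distinguished name (RDN).
Added example; the duplicate-name convention and the escaping rules are assumptions."""
import re

# Characters that must be backslash-escaped inside an RDN value (RFC 4514).
_DN_SPECIALS = ',+"\\<>;'


def logon_name(given: str, surname: str, existing: set[str]) -> str:
    """First initial + surname, lower-cased (Andy Waters -> awaters). Assumed
    duplicate convention: append the smallest free integer suffix starting at 2."""
    base = re.sub(r"[^a-z0-9]", "", (given[:1] + surname).lower())
    candidate, n = base, 1
    while candidate in existing:
        n += 1
        candidate = f"{base}{n}"
    return candidate


def upn(account: str, suffix: str) -> str:
    """User principal name: account name @ UPN suffix (the DNS domain by default)."""
    return f"{account}@{suffix}"


def escape_rdn_value(value: str) -> str:
    """Escape an RDN value so it can be embedded in a DN string."""
    out = "".join("\\" + c if c in _DN_SPECIALS else c for c in value)
    if out[:1] in (" ", "#"):          # a leading space or '#' must be escaped
        out = "\\" + out
    if out.endswith(" "):               # so must a trailing space
        out = out[:-1] + "\\ "
    return out


def build_dn(leaf: tuple[str, str], containers: list[tuple[str, str]], dns_name: str) -> str:
    """Join RDNs from the object up to the domain root; the DC= components come
    from the labels of the DNS domain name, in order."""
    rdns = [leaf, *containers, *(("DC", label) for label in dns_name.split("."))]
    return ",".join(f"{attr}={escape_rdn_value(value)}" for attr, value in rdns)


def split_dn(dn: str) -> list[tuple[str, str]]:
    """Split a DN into (attribute, value) pairs. Honours backslash escapes and the
    double-quoted form the summary describes for values that contain spaces."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):     # escaped character: take it literally
            buf.append(dn[i + 1])
            i += 2
            continue
        if c == '"':
            quoted = not quoted               # quotes delimit; they are not part of the value
        elif c == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        attr, _, value = part.partition("=")
        pairs.append((attr.strip().upper(), value))
    return pairs


def rdn(dn: str) -> str:
    """The first component: unique only within the object's container."""
    attr, value = split_dn(dn)[0]
    return f"{attr}={escape_rdn_value(value)}"


def parent_dn(dn: str) -> str:
    """The container's DN: everything after the RDN."""
    return ",".join(f"{a}={escape_rdn_value(v)}" for a, v in split_dn(dn)[1:])


def dns_domain(dn: str) -> str:
    """Join the DC= components, in order, to recover the DNS domain name."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC")


if __name__ == "__main__":
    user = logon_name("Andy", "Waters", set())
    print(upn(user, "westsim.com"))
    dn = build_dn(("CN", user), [("CN", "Users")], "northsim.com")
    print(dn, "| RDN:", rdn(dn), "| container:", parent_dn(dn), "| domain:", dns_domain(dn))
```

`split_dn` treats a comma inside double quotes, or preceded by a backslash, as part of the value rather than as a separator, which is why a component such as `CN="Waters, Andy"` survives the round trip; a naive `dn.split(",")` would silently produce an extra, bogus component.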
© Data Coincide, LLC 2010-2019