Is it best to use DN or objectGUID as glue ?

Mar 20, 2013 at 12:15 PM

The project is using the DN as glue to identify relationships between objects.

I'm asking myself why not use objectGUID as this attribute can be more efficient (fixed size, known type) and MS states in : "Use the objectGUID attribute to identify the tracked objects. The objectGUID of each object remains unchanged regardless of where the object is moved within the forest."
Mar 20, 2013 at 10:49 PM
Interestingly enough, the initial version of the component was using objectGUID as a glue, for the very same reason described in the msdn article you mentioned.
I switched to using DN, since I get the DN attribute for "free", every object returned by the System.DirectoryServices.Protocols has the DN value embedded in it, whether you ask for it or not, so it simplified code quite a bit.
My plan is to introduce the following logic in the next release - if objectGUID is included in the attributesToLoad, it will be added as an additional glue value (DN and objectGUID), if not the DN will be used.
Mar 20, 2013 at 10:57 PM
Yes, so I wasn't dreaming ! I used this component a few months (year? don't remember) ago and I was sure I was using objectGUID but since now I always had NULL I figured out it was DN for the glue so my misunderstanding !

Yes I think both are correct glue depending of what you want to track.
For example when you use SSIS to track user migration batches where users move from one domain (or one OU) to another and have some "compliance" SSRS reports, DN is like other attributes : changing and non reliable.