User Account Types

A user account identifies a single user, such as an employee. Windows has the following types of user accounts:

Local user account

A local user account is created and stored on a local system and is not distributed to any other system.

  • Local user accounts are created with the Computer Management console.
  • The local Security Accounts Manager (SAM) manages the user account information.
  • Only local resources are accessible with local user accounts.

Domain user account

A domain user account is created and centrally managed through Active Directory, and is replicated between domain controllers in the domain.

  • Domain user accounts are created with Active Directory Users and Computers, command line tools, and PowerShell.
  • Each domain user account has a unique security identifier (SID) to identify the user.
  • A user can log on to the domain from any computer that is a member of the domain and can access resources on that computer or on other computers for which the domain user account has permissions.
  • Domain user accounts have a variety of properties, such as user information, group membership, user profiles, and dial-in settings.

Note: External users who need an e-mail address can be represented by a contact object. A contact object is an account that does not have any security permissions, so users represented as contact objects cannot log on to the domain. Use contacts to add information about individuals, such as an e-mail address or phone number, to Active Directory. Applications such as Exchange can search the attributes of contact objects.

Active Directory uses the following name types to recognize each object:

User or Logon Name

The user or logon name is the name of the user account. It is typically a combination of the given name (first name) and surname (last name) of the user. For example, Habib Sheikh may have the logon name hsheikh.

User Principal Name (UPN)

The User Principal Name (UPN) combines the user account name with the DNS domain name. For example, account hsheikh in the domain would have as the UPN.

  • The UPN format is also known as the SMTP address format.
  • The DNS domain name in the UPN is known as the UPN suffix.
  • By default, the domain that holds the user account is selected for the UPN suffix. However, you can configure different UPN suffixes to use instead of the domain name.

LDAP Distinguished Name (DN)

The LDAP Distinguished Name (DN) references the domain and related container(s) where the object resides. It has three basic attributes:

  • Domain Component (DC)
  • Organizational Unit (OU)
  • Common Name (CN)

An example LDAP Distinguished Name (DN) is:

 CN=hsheikh, OU=sales, DC=habib, DC=com

Relative Distinguished Name (RDN)

The Relative Distinguished Name (RDN) is used to identify the object within its container. The RDN needs to be unique only within the object’s container. In the example above, the RDN is CN=hsheikh.
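The following Python script is an added example (not part of the original post) that works through the relationships described above: it splits a DN of the same shape as the one in the text into its components, pulls out the RDN and the container, joins the DC components into the DNS domain name that serves as the default UPN suffix, and builds a UPN from a logon name. The DN, names and UPN suffixes used are constructed sample values, and the escaped-comma handling is a convenience added here, not something the text discusses.

```python
"""Added example: logon name, UPN, DN and RDN for an AD user object.

All sample values below are constructed for illustration.
"""
import re

# Constructed sample DN, in the same shape as the example in the text.
SAMPLE_DN = "CN=hsheikh, OU=sales, DC=habib, DC=com"


def split_dn(dn):
    """Split a DN into (attribute, value) pairs, most specific first.

    Splits on commas that are not escaped with a backslash, so a value such
    as CN=Sheikh\\, Habib stays intact.  Attribute types are upper-cased and
    values are stripped of surrounding whitespace.
    """
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def rdn(dn):
    """The RDN is the leftmost component; it must be unique only within its container."""
    attr, value = split_dn(dn)[0]
    return f"{attr}={value}"


def container(dn):
    """DN of the container that holds the object: everything after the RDN."""
    return ",".join(f"{a}={v}" for a, v in split_dn(dn)[1:])


def dns_domain(dn):
    """Join the DC components, in order, into the DNS domain name."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC")


def logon_name(given, surname):
    """Illustrates the first-initial plus surname convention from the text (hsheikh)."""
    return (given[0] + surname).lower()


def upn(logon, suffix):
    """UPN = logon name @ UPN suffix; the result has the same shape as an SMTP address.

    By default the suffix is the DNS name of the domain holding the account,
    but an alternative UPN suffix configured in the forest can be passed instead.
    """
    return f"{logon}@{suffix}"


if __name__ == "__main__":
    name = logon_name("Habib", "Sheikh")
    print("logon name :", name)
    print("RDN        :", rdn(SAMPLE_DN))
    print("container  :", container(SAMPLE_DN))
    print("UPN        :", upn(name, dns_domain(SAMPLE_DN)))
    # Same account with an alternative (constructed) UPN suffix configured.
    print("alt UPN    :", upn(name, "corp.example"))
```

Running the script prints `CN=hsheikh` as the RDN, `OU=sales,DC=habib,DC=com` as the container and `hsheikh@habib.com` as the default UPN; the last line shows how the same logon name maps to a different UPN once an alternative suffix is in use, which is why two accounts in different domains can share a logon name but never a UPN within a forest.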
