Store SID or username in database for AD accounts?
We built a small class to combine the two and only compare against the SID. The format is similar to the following line:
"Domain\\User\nS-1-5-21-...........-1129"
This allows us to have "friendly" names in the database and in the debugger, but all bindings are effectively outside of the meaning.
What happens when the username changes? The data is outdated and remains so :)
BTW, if you do something like this, make sure you can't get the "display name" from the object as you don't want it to be displayed to the user as it might be deprecated. Instead, you must run the LookupUserName() procedure, which performs the correct SID resolution on the account name.
Finally, be sure to save the SID, but you will. You don't want to keep JDoe, and when Jane leaves and John starts a month later, he suddenly has access?
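A sketch of the combined name-plus-SID value described in the answer above, added here as an example and not code from the original post. The names `AccountRef`, `is_authorized` and the `resolve` callable are hypothetical, and the SIDs and accounts are constructed sample values; a real `resolve` would wrap the platform's SID-to-name lookup.

```python
import re
from dataclasses import dataclass, field

# Textual SID: S-1-<authority>-<sub-authority>... (1 to 15 sub-authorities)
SID_RE = re.compile(r"^S-1-\d+(?:-\d+){1,15}$")

@dataclass(frozen=True)
class AccountRef:
    """Stored account reference: identity is the SID, the name is only a cached label."""
    sid: str
    cached_name: str = field(compare=False)  # excluded from == and hash()

    @classmethod
    def parse(cls, stored: str) -> "AccountRef":
        # Stored form is "DOMAIN\\user\nSID"; the SID is always the last line.
        name, sep, sid = stored.rpartition("\n")
        sid = sid.strip().upper()
        if not sep or not SID_RE.match(sid):
            raise ValueError("stored value has no valid SID line")
        return cls(sid=sid, cached_name=name)

    def display_name(self, resolve) -> str:
        # Never show cached_name to users: ask the directory for the current
        # name and fall back to the raw SID if the account no longer resolves.
        current = resolve(self.sid)
        return current if current else self.sid

def is_authorized(stored_acl, caller_sid: str) -> bool:
    # Access decisions compare SIDs only; the stored name plays no part.
    caller = AccountRef(sid=caller_sid.upper(), cached_name="")
    return caller in {AccountRef.parse(s) for s in stored_acl}

# Constructed sample data: Jane was stored as CORP\jdoe, was later renamed,
# and a new hire (John) was then given the reused user name jdoe.
SID_JANE = "S-1-5-21-1111111111-2222222222-3333333333-1129"
SID_JOHN = "S-1-5-21-1111111111-2222222222-3333333333-1507"
ACL = ["CORP\\jdoe\n" + SID_JANE]
DIRECTORY = {SID_JANE: "CORP\\jsmith", SID_JOHN: "CORP\\jdoe"}

if __name__ == "__main__":
    print(is_authorized(ACL, SID_JANE))   # renamed account keeps access
    print(is_authorized(ACL, SID_JOHN))   # reused user name gains nothing
    print(AccountRef.parse(ACL[0]).display_name(DIRECTORY.get))
```
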