Globally Unique Identifier (GUID)
A GUID (Globally Unique Identifier) in Active Directory is a unique identifier assigned to objects within the directory service. Each object, such as users, groups, computers, and organizational units (OUs), in an Active Directory domain has a GUID associated with it.
GUIDs are assigned when objects are created and remain unchanged throughout the object's lifetime, even if the object is moved or renamed within the Active Directory structure. This ensures that each object maintains its identity regardless of its location or name changes.
GUIDs are crucial for the internal functioning of Active Directory, as they allow the directory service to uniquely identify and reference objects. They are used extensively in replication, authentication, and authorization processes within the Active Directory environment.
You can find an object's GUID using various methods, including Active Directory administrative tools such as Active Directory Users and Computers (ADUC) or programmatically through scripts or LDAP queries.
A GUID is like a MAC address. The ObjectGUID property never changes and is associated with the object for as long as that object exists in the domain.
When querying for an AD object (such as a user, group, computer, domain, domain controller, etc.), we can query for its objectGUID value using PowerShell or search for it by specifying its distinguished name, GUID, SID, or SAM account name. GUIDs are used by AD to identify objects internally. Searching in Active Directory by GUID value is probably the most accurate and reliable way to find the exact object you are looking for, especially if the global catalog may contain similar matches for an object name.
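An added example, not part of the original page: when the lookup goes over a raw LDAP query instead of the PowerShell cmdlets, objectGUID is a 16-byte binary value whose first three fields are stored little-endian, so the dashed string has to be re-ordered and byte-escaped before it matches in a search filter. The function names and the sample GUID are constructed for illustration.

```python
import uuid

# Constructed sample value, not taken from any real directory.
SAMPLE_GUID = "3f2504e0-4f89-41d3-9a0c-0305e82c3301"


def guid_from_ldap_bytes(raw: bytes) -> uuid.UUID:
    """Decode the raw objectGUID attribute value returned by an LDAP search.

    AD stores the value in the Windows GUID layout: the first three fields
    are little-endian, the last eight bytes are kept in order.
    """
    if len(raw) != 16:
        raise ValueError(f"objectGUID must be 16 bytes, got {len(raw)}")
    return uuid.UUID(bytes_le=raw)


def ldap_filter_for_guid(guid: str) -> str:
    """Build an LDAP filter that matches exactly one object by its GUID.

    Every byte is written as a backslash followed by two hex digits, the
    escaping LDAP filters use for binary values, so no byte can be
    misread as filter syntax.
    """
    raw = uuid.UUID(guid).bytes_le  # raises ValueError on a malformed GUID
    return "(objectGUID=" + "".join(f"\\{b:02x}" for b in raw) + ")"


if __name__ == "__main__":
    flt = ldap_filter_for_guid(SAMPLE_GUID)
    print("search filter:", flt)

    # Round trip: what a search result would carry in its objectGUID attribute.
    raw = uuid.UUID(SAMPLE_GUID).bytes_le
    print("raw bytes    :", raw.hex())
    print("decoded      :", guid_from_ldap_bytes(raw))
```

Comparing the raw hex with the dashed string shows why pasting the GUID's hex digits straight into a filter finds nothing: the first eight bytes are in a different order.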