3.1.1.1.4 Account Domain Principal View

To construct the Account Domain Principal View, the following columns from the associated domain database MUST be used:

  • sAMAccountName

  • sAMAccountType

  • objectSID

All objects that satisfy the following criteria MUST be part of this view:

  • All three columns above have values.

  • The value of the objectSID attribute does not contain S-1-5-32 as the prefix.

The following columns of such objects MUST be used to construct the Account Domain Principal View in the following manner:

  • The Additional Security Principal Name, User Principal Name, and Security Principal SID History columns are left empty.

  • Security Principal SID is mapped from objectSID.

  • Security Principal Name is mapped from sAMAccountName.

  • Security Principal Type is mapped from sAMAccountType by using the mapping rule explained in the Builtin Domain Principal View (section 3.1.1.1.3).

  • Domain NetBIOS Name, Domain DNS Name, and Domain SID are mapped from Domain Database Information, as specified in section 3.1.1.2.

  • Default User Principal Names is constructed using the following rules:

    • If Domain DNS Name is not empty, concatenate sAMAccountName with Domain DNS Name, separated by an @ sign.

    • And if the domain database used is an Active Directory domain, concatenate sAMAccountName with Domain NetBIOS Name, separated by an @ sign.

The following is an example of how this view is created:

  • An object that represents the administrator user on an Active Directory domain database.

    | Column         | Value                                      |
    |----------------|--------------------------------------------|
    | sAMAccountName | Administrator                              |
    | sAMAccountType | 0x30000000                                 |
    | objectSID      | S-1-5-21-397955417-626881126-188441444-500 |

  • The Domain Database Information for that Active Directory domain database.

    | Column              | Value                                  |
    |---------------------|----------------------------------------|
    | Domain DNS Name     | Corp.example.com                       |
    | Domain NetBIOS Name | Corp                                   |
    | Domain SID          | S-1-5-21-397955417-626881126-188441444 |

  • The view created for the administrator object.

    | Column                             | Value                                      |
    |------------------------------------|--------------------------------------------|
    | Domain DNS Name                    | Corp.example.com                           |
    | Domain NetBIOS Name                | Corp                                       |
    | Domain SID                         | S-1-5-21-397955417-626881126-188441444     |
    | Security Principal Name            | Administrator                              |
    | Additional Security Principal Name |                                            |
    | Default User Principal Names       | administrator@corp                         |
    |                                    | administrator@corp.example.com             |
    | User Principal Name                |                                            |
    | Security Principal SID             | S-1-5-21-397955417-626881126-188441444-500 |
    | Security Principal SID History     |                                            |
    | Security Principal Type            | SidTypeUser                                |
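
The construction rules and the worked example above, as an added Python sketch; it is not part of the specification. The function names, the dictionary-shaped rows and the `is_active_directory` flag are hypothetical. It assumes the S-1-5-32 prefix test is made on whole SID components and that the two Default User Principal Names rules apply independently, and it carries only the 0x30000000 mapping shown on this page because section 3.1.1.1.3 is not reproduced here.

```python
from typing import Optional

BUILTIN_DOMAIN_SID = "S-1-5-32"
# Only the mapping visible in this page's example; the full rule is in
# section 3.1.1.1.3, which is not reproduced here.
SAM_TYPE_TO_SID_TYPE = {0x30000000: "SidTypeUser"}
# Input values taken from the page's example.
ADMIN = {"sAMAccountName": "Administrator", "sAMAccountType": 0x30000000,
         "objectSID": "S-1-5-21-397955417-626881126-188441444-500"}
DOMAIN = {"Domain DNS Name": "Corp.example.com", "Domain NetBIOS Name": "Corp",
          "Domain SID": "S-1-5-21-397955417-626881126-188441444"}

def has_sid_prefix(sid: str, prefix: str) -> bool:
    """Compare whole '-' separated components, so that a SID such as
    S-1-5-321-... is not mistaken for one under S-1-5-32 (assumed reading)."""
    parts, want = sid.upper().split("-"), prefix.upper().split("-")
    return parts[:len(want)] == want

def build_view_row(obj: dict, domain: dict, is_active_directory: bool) -> Optional[dict]:
    """Return the view row for obj, or None if obj is not part of the view."""
    name, sam_type, sid = (obj.get(k) for k in
                           ("sAMAccountName", "sAMAccountType", "objectSID"))
    if not name or not sid or sam_type is None:   # all three columns have values
        return None
    if has_sid_prefix(sid, BUILTIN_DOMAIN_SID):   # builtin domain objects excluded
        return None
    # Assumption: the two rules are applied independently of each other.
    # Case is preserved here; the page's example prints the results in lowercase.
    upns = []
    if domain["Domain DNS Name"]:
        upns.append(f"{name}@{domain['Domain DNS Name']}")
    if is_active_directory:
        upns.append(f"{name}@{domain['Domain NetBIOS Name']}")
    return {
        "Domain DNS Name": domain["Domain DNS Name"],
        "Domain NetBIOS Name": domain["Domain NetBIOS Name"],
        "Domain SID": domain["Domain SID"],
        "Security Principal Name": name,
        "Additional Security Principal Name": "",   # left empty
        "Default User Principal Names": upns,
        "User Principal Name": "",                  # left empty
        "Security Principal SID": sid,
        "Security Principal SID History": [],       # left empty
        "Security Principal Type": SAM_TYPE_TO_SID_TYPE[sam_type],  # KeyError if unmapped
    }

if __name__ == "__main__":
    for column, value in build_view_row(ADMIN, DOMAIN, True).items():
        print(f"{column}: {value}")
```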