I have to create a table and store Active Directory SIDs representing a User or a Group.

How would you name the category representing both a User and a Group?

Edit 1.

The table will contain four columns: ID (PK), SID's Name, SID's value and another column for SID's Type (0 for User, 1 for Group).
Please suggest the table name, not only the column names.

+3  A: 

Active Directory uses the term "principal" or "security principal" for both. That also includes computers.

Here's a graphic image from the MSDN article Managing Directory Security Principals in the .NET Framework 3.5 that shows the hierarchy.

So I would probably call my table Principals and have the three columns you mentioned:

  • PrincipalName (string)
  • SID (string or binary)
  • PrincipalType (0 for User, 1 for Group)
marc_s
After reading the comments and then the debate on http://stackoverflow.com/questions/7662 , I am sticking to the singular form of naming tables/columns. I especially like the following argument: http://stackoverflow.com/questions/7662/7678#7678
MiniMe
Having the tables `Principal ( ID, Name, SID, TypeID )` and `PrincipalType ( ID, Description )`, the following query seems natural: `SELECT Principal.Name, Principal.SID, PrincipalType.Description FROM Principal INNER JOIN PrincipalType ON PrincipalType.ID = Principal.TypeID`
MiniMe
A: 

When I recently had to do this (linking a DB user table to the AD accounts) I simply named the column ADSID.

I found this made good sense for us since we were querying using DirectorySearcher and the name for that property in the LDAP database is objectSid, so our queries looked like:

deSearch.Filter = "(&(objectSid=" + ADSID + "))";

Although, as I cut and paste that code from my project, I do wonder if maybe objectSid would have been a good column name too?

As far as naming the table, I hope you are storing additional information beyond the AD details here? Otherwise, why are you duplicating the AD database?

If you are storing additional information, then you should name the table according to whatever domain/business object is modelled by the table.

As I said, I was storing the data for users, so my table was simply called [Users].

Finally - perhaps you would benefit from normalising this out into a [Groups] and a [Users] table?

David Hall
I am now migrating the data from two tables (User and Group) to a single table as the SIDs are unique, thus I'm searching for a common category describing both.
MiniMe
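An added example, not part of either answer above: the first answer leaves the SID column as "string or binary" and the second builds an `objectSid` filter from the stored value, so this Python sketch converts between the two SID forms and builds the filter only from a value that parses as a SID, with every byte escaped. The function names are hypothetical and the sample SIDs are constructed.

```python
import re
import struct

# String form: S-1-<authority>-<sub-authority>... with 1 to 15 sub-authorities.
SID_RE = re.compile(r"S-1-([0-9]+)((?:-[0-9]+){1,15})")


def sid_to_bytes(sid: str) -> bytes:
    """String SID -> binary layout used by the objectSid attribute."""
    m = SID_RE.fullmatch(sid)
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2)[1:].split("-")]
    # Authorities >= 2**32 are written in hex in the string form; not handled here.
    if authority >= 1 << 32 or any(s >= 1 << 32 for s in subs):
        raise ValueError("SID component out of range")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer.
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)


def bytes_to_sid(raw: bytes) -> str:
    """Binary SID (e.g. a varbinary column value) -> string form."""
    if len(raw) < 12 or raw[0] != 1 or not 1 <= raw[1] <= 15:
        raise ValueError("malformed binary SID")
    if len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    if authority >= 1 << 32:
        raise ValueError("hex-form authority not handled here")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", "1", str(authority), *map(str, subs)])


def object_sid_filter(sid: str) -> str:
    """Build (objectSid=...) with every byte escaped as \\xx (RFC 4515)."""
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"(objectSid={escaped})"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    for value in ("S-1-5-32-544", "S-1-5-32-544)(objectClass=*"):
        try:
            print(object_sid_filter(value))
        except ValueError as exc:
            print("rejected:", exc)
```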
A: 

From most verbose to least:

  • ActiveDirectorySecurityIdentifiers
  • ActiveDirectorySIDs
  • ADSIDs

Good practices dictate that table names be plural and that the names should represent and describe the contents of the tables. Depending on your level of comfort any one of the above should do just fine.

Miky Dinescu
I am reading the debate between using singular vs plural when naming the tables here: http://stackoverflow.com/questions/7662 . Personally, I am using singular form.
MiniMe
You may use whatever you like, but the ISO standards are in favor of the plural form for tables. Take a look at ISO 11179-5 "Naming and identification principles" http://metadata-standards.org/11179/#11179-5
Miky Dinescu