3.1.1.3.2.38 msDS-PrincipalName

Returns a string name of the security principal that has authenticated on the LDAP connection. If the client authenticated as a Windows security principal, the string contains either (1) the NetBIOS domain name, followed by a backslash ("\"), followed by the sAMAccountName of the security principal, or (2) the SID of the security principal, in SDDL SID string format ([MS-DTYP] section 2.4.2.1). If the client authenticated as an AD LDS security principal, the string contains the DN of the security principal. If the connection is not authenticated (only possible if the fLDAPBlockAnonOps heuristic in the dSHeuristics attribute is FALSE; see section 6.1.1.2.4.1.2), the string is "NT AUTHORITY\ANONYMOUS LOGON".

Note: This rootDSE attribute is different from the schema attribute of the same name, msDS-PrincipalName.
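A client or audit script that reads this attribute has to tell the four value forms above apart. The following is an added example, not part of the specification, and it does not perform the LDAP query itself. The names `classify_principal`, `bind_is_authenticated` and `Principal` and the sample values are assumptions made for illustration, and the SID and DN recognition is heuristic.

```python
import re
from typing import NamedTuple, Optional

ANONYMOUS = "NT AUTHORITY\\ANONYMOUS LOGON"
# Approximation of the SDDL SID string syntax ([MS-DTYP] section 2.4.2.1).
_SID = re.compile(r"S-1-(?:\d{1,10}|0x[0-9A-Fa-f]{12})(?:-\d{1,10})+")
# Heuristic: a DN starts with an attribute type (name or OID) followed by "=".
_DN_START = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)=")
# Characters that are not allowed in a sAMAccountName.
_SAM_BAD = set('"/\\[]:;|=,+*?<>')


class Principal(NamedTuple):
    kind: str                     # anonymous | sid | windows | ad_lds_dn | unknown
    domain: Optional[str] = None  # NetBIOS domain name (kind == "windows")
    name: Optional[str] = None    # sAMAccountName, SID string, or DN


def classify_principal(value: str) -> Principal:
    """Classify an msDS-PrincipalName rootDSE value into the forms listed above."""
    v = value.strip()
    if v.casefold() == ANONYMOUS.casefold():   # must precede the DOMAIN\name check
        return Principal("anonymous", "NT AUTHORITY", "ANONYMOUS LOGON")
    if _SID.fullmatch(v):
        return Principal("sid", None, v)
    if _DN_START.match(v):                     # DNs may contain "\" escapes
        return Principal("ad_lds_dn", None, v)
    domain, sep, sam = v.partition("\\")
    if sep and domain and sam and not (_SAM_BAD & set(sam)):
        return Principal("windows", domain, sam)
    return Principal("unknown", None, v)


def bind_is_authenticated(value: str) -> bool:
    """True only for a recognised, non-anonymous principal (fails closed)."""
    return classify_principal(value).kind in {"sid", "windows", "ad_lds_dn"}


# Constructed sample values, not taken from a real directory.
SAMPLES = [
    "CONTOSO\\alice",
    "S-1-5-21-1004336348-1177238915-682003330-512",
    "CN=svc-app,OU=Roles,O=Example",
    "NT AUTHORITY\\ANONYMOUS LOGON",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:55} -> {classify_principal(s)}")
```

Treating unrecognised values as unauthenticated keeps a check built on this attribute from silently accepting an anonymous or malformed result.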