Active Directory and PrincipalPermission

感情败类 2021-01-22 14:02

This is more of a curiosity than a request for help, but I noticed that when using PrincipalPermission and verifying a user is part of a specific group in Active Directory it wi

2 answers
  •  生来不讨喜
    2021-01-22 14:30

    The reason is guaranteed security. The samAccountName attribute is unique across all security principal objects in an NTDS domain. If another name attribute were used instead, an attacker could easily work around the security permission by creating another user/group with the same name in a different organizational unit or container.
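
The uniqueness argument in the answer above, as an added example that is not part of the original thread. It is a simplified in-memory model of one domain (the `Domain` class, group names, user names and OU paths are constructed for illustration; this is not the .NET or LDAP API), showing that a role check keyed on `cn` can match two groups while one keyed on `sAMAccountName` resolves to exactly one.

```python
# Simplified model of one AD domain (constructed sample data, not real LDAP).
class Domain:
    def __init__(self):
        self.groups = []  # dicts with keys: sam, cn, container, members

    def add_group(self, sam, cn, container, members=()):
        for g in self.groups:
            # sAMAccountName must be unique across the whole domain.
            if g["sam"].lower() == sam.lower():
                raise ValueError(f"sAMAccountName {sam!r} already exists in domain")
            # cn (the RDN) only has to be unique inside its parent container.
            if (g["cn"].lower() == cn.lower()
                    and g["container"].lower() == container.lower()):
                raise ValueError(f"cn {cn!r} already exists in {container}")
        self.groups.append({"sam": sam, "cn": cn, "container": container,
                            "members": set(members)})

    def groups_by_cn(self, cn):
        return [g for g in self.groups if g["cn"].lower() == cn.lower()]

    def group_by_sam(self, sam):
        matches = [g for g in self.groups if g["sam"].lower() == sam.lower()]
        return matches[0] if matches else None


def in_role_by_cn(domain, user, cn):
    """Ambiguous check: true if the user is in ANY group carrying this cn."""
    return any(user in g["members"] for g in domain.groups_by_cn(cn))


def in_role_by_sam(domain, user, sam):
    """Unambiguous check: at most one group can carry this sAMAccountName."""
    group = domain.group_by_sam(sam)
    return group is not None and user in group["members"]


def build_sample():
    d = Domain()
    d.add_group("Payroll-Admins", "Payroll Admins",
                "OU=Finance,DC=example,DC=test", {"alice"})
    # Same cn in a different OU is accepted, but it needs its own sAMAccountName.
    d.add_group("Payroll-Admins2", "Payroll Admins",
                "OU=Sandbox,DC=example,DC=test", {"bob"})
    return d


if __name__ == "__main__":
    d = build_sample()
    print("by cn :", in_role_by_cn(d, "bob", "Payroll Admins"))
    print("by sam:", in_role_by_sam(d, "bob", "Payroll-Admins"))
```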
