This is an extension to a post I saw that explained problems and solutions regarding individuals who are deleted from AD and then added back later, and how certain values in the CRM database tables need to be changed to match certain values from AD.

Follow to see the post

However, what I would like to do is gain some further knowledge as far as what the function of each piece is.

For example:

If AD's ObjectGuid doesn't match the user's SystemUserBase.ActiveDirectoryGuid, it will prevent you from being able to activate said user. Is this the only function of the ActiveDirectoryGuid in the login process? Because if you manually make the ActiveDirectoryGuid match the record that the user is associated with in AD, it allows you to activate them, but in some cases the user will still be unable to log in due to a mismatch between AD's SID and CRM's MSCRM_CONFIG.SystemUserAuthentication.AuthInfo.

Within the MSCRM_CONFIG.SystemUserAuthentication.AuthInfo you will normally see 2 records. One that contains the SID, formatted

"W:X-0-0-00-0000000000-0000000000-00000000-00000"

While the other is formatted

"C:First.Last@domain.com"

Which leads into my next series of questions.

When does it use one record over the other, or does it require both records?

Does it only use the SID if you are using an automated login process (making it so that the user doesn't have to use any credentials)?

Is the latter what is required for the user to type in as their UserName?

Can it be changed, and subsequently is whatever you changed it to required to be used as the UserName during login?

I apologize for the badgering of questions here, but I want to make sure I fully understand what each piece is doing so that I can develop a process to fix whatever issue comes up regarding this.