Directory Programming .NET

What's a reasonable size for a DB field to start the distinguished name?  I think AD allows up to 2056 for DN but making a DB field that supports up to that is kind of absurd.  Would 256 or 512 be enough?

Depends on your tree. right?  If you have a lot of sub OU's then you'll need a larger db field.  I guess if you wanted to be sure you could run through all you user objects and get the length of the longest dn and then add 50%.  Thats my suggestion anyway... 

My suggestion is to never store DNs externally anyway.  Always store GUIDs.

The GUID can be used in place of the DN using the syntax <GUID=xxxxxx> and the GUID is immutable.  It is also a fixed length and fits nicely into the SQL unique identifier data type.

That's what I'm doing now using GUID but we're looking to support multiple domains on our application.  I could just store the domain name but the same domain can have groups with the same name, as long as they're in different OU/containers.  In AD you can achieve this by renaming an existing group to be the same as another group somewhere else, as long as you keep the pre-Windows 2000 name unique.

That's where I'm stuck in right now and DN seem like a good way to disambiguate between groups with the same name.

Not a viable option for us because our software get deployed by customers who have vastly different environments.

It should be fine unless you are supporting non-AD directories as both AD and ADAM support GUIDs just fine.

Otherwise, you have to make an educated guess as to what the longest DN you'll ever need to store will be.  Since there is no inherent limit on the depth of hierarchy allowed by most directories, your DNs could potentially get to be quite large.  At some point you have to just pick a maximum length you'll support.  I'm not really sure what's reasonable here.