Why such need?
To get user objectGUID in login method you would need extra LDAP call to get that information.
Such need for marriage...
Could you provide an example?
You mean sAMAccountName has changed. So user starts to use new sAMAccountName. What is the problem?
We would rely on the objectGUID for the applicative authorisation and the GUI doesn't require the change - otherwise a particular account is needed to migrate.