Check, that your natural, primary keys can not change over time. There are keys which can not change, like an IBAN for identifying an account.
Other attributes looks like they can be used as a primary key but they are not. You have to take a look into the domain model of the domain and their technical implementation. It could come to problems if you are using an userPrincipalName or sAMAccoutName of an Active Directory as a natural key. Both attributes can be easily changed by the administrators. Instead, use something like the objectGuid of an Active Directory user.