This topic contains 4 replies, has 2 voices, and was last updated by
October 14, 2018 at 10:06 pm #114091
I have retreived an ad group object using the adsi accelerator thus:
$group = [ADSI]"LDAP://groupdn"
When I run the command:
New-Object guid $group .objectguid
I get a guid: 3ab53fac-c574-4322-a604-b7de7bce7a16
However when i run the ad cmdlet:
it returns an objectguid of : 47febe0b-ff55-4219-9530-0f14d897f6f4
How do I convert the ADSI objectguid 3ab53fac-c574-4322-a604-b7de7bce7a16 to the objectguid value returned by the ad cmdlets please?
October 15, 2018 at 12:37 am #114094ParticipantPoints: 1,140Rank: Community Hero
What are you trying to accomplish?
Why are you trying exercise both as something different?
GUID's are unique for the target object they are created for, you cannot convert a GUID from one to the another.
Know what you are seeing is a representation of exactly the same object. One as .Net and the other as LDAP. Here's what you may need to comes to grips with when it comes to GUIDs proper taxonomy. Stick with one identifier or the other. The difference is in the formatting.
- `DirectoryEntry.NativeGUID` is displayed in little-endian order (without dashes) which is how it's stored "natively" in the directory service and
- `UserPricipal.GUID/DirectoryEntry.GUID` is displayed in big-endian order (with dashes). See the Wikipedia article on Endianess for details.
So when you print out the value for NativeGUID (a string) it should not show any dashes (like your example does) unless you create a new GUID using the string as input (`Guid ng = new Guid(de.NativeGuid);`). That will create some confusion...
The important thing is not to mix the two when storing the GUIDs in an external data source or storing a NativeGUID as a big-endian GUID, if that is what you are after.
The UserPricipal.GUID/DirectoryEntry.GUID is how the objectGUID attribute is displayed using most Windows management tools (such as Active Directory Users and Computers and ADSI Edit) and how it's stored and displayed in SQL Server when you'd use the `uniqueidentifier` data type.
LDAP/ADSI offers up 3 Guids: objectGUID, Guid, NativeGuid and the native Guid and the Guid are the same.
.Net only has one, objectGuid.
October 15, 2018 at 12:56 am #114096
Get-ADgroup returns an objectguid.
Using the ADSI accelerator on the same object returns multiple guids.
Are you saying that none of the GUIDs returned by ADSI are derived from the same source attribute as the one returned by get-adgroup?
If not then its surely just a matter of formatting.
October 15, 2018 at 3:10 am #114099
found the answer which was actually in my question so I mustve made a booboo somewhere.
If ADSI returns the objectguid in a decimal byte array format then
"new-object guid $group .objectguid"
does indeed return the format as displayed in get-adgroup
October 15, 2018 at 5:07 am #114102ParticipantPoints: 1,140Rank: Community Hero
Glad to see you got things all worked out.
The topic ‘Convert ADSI objectguid to ad cmdlet objectguid’ is closed to new replies.