Convert ADSI objectguid to ad cmdlet objectguid

Welcome Forums General PowerShell Q&A Convert ADSI objectguid to ad cmdlet objectguid

This topic contains 4 replies, has 2 voices, and was last updated by

5 months, 1 week ago.

  • Author
  • #114091

    Points: 23
    Rank: Member


    I have retreived an ad group object using the adsi accelerator thus:

    $group = [ADSI]"LDAP://groupdn"

    When I run the command:

    New-Object guid $group .objectguid

    I get a guid:  3ab53fac-c574-4322-a604-b7de7bce7a16

    However when i run the ad cmdlet:

    Get-adgroup groupdn

    it returns an objectguid of : 47febe0b-ff55-4219-9530-0f14d897f6f4

    How do I convert the ADSI objectguid 3ab53fac-c574-4322-a604-b7de7bce7a16 to the objectguid value returned by the ad cmdlets please?


    David Z


  • #114094

    Points: 1,140
    Helping Hand
    Rank: Community Hero

    What are you trying to accomplish?

    Why are you trying exercise both as something different?

    GUID's are unique for the target object they are created for, you cannot convert a GUID from one to the another.

    Know what you are seeing is a representation of exactly the same object. One as .Net and the other as LDAP. Here's what you may need to comes to grips with when it comes to GUIDs proper taxonomy. Stick with one identifier or the other.  The difference is in the formatting.

    • `DirectoryEntry.NativeGUID` is displayed in little-endian order (without dashes) which is how it's stored "natively" in the directory service and
    • `UserPricipal.GUID/DirectoryEntry.GUID` is displayed in big-endian order (with dashes). See the Wikipedia article on Endianess for details.

    So when you print out the value for NativeGUID (a string) it should not show any dashes (like your example does) unless you create a new GUID using the string as input (`Guid ng = new Guid(de.NativeGuid);`). That will create some confusion...

    The important thing is not to mix the two when storing the GUIDs in an external data source or storing a NativeGUID as a big-endian GUID, if that is what you are after.

    The UserPricipal.GUID/DirectoryEntry.GUID is how the objectGUID attribute is displayed using most Windows management tools (such as Active Directory Users and Computers and ADSI Edit) and how it's stored and displayed in SQL Server when you'd use the `uniqueidentifier` data type.

    LDAP/ADSI offers up 3 Guids: objectGUID, Guid, NativeGuid and the native Guid and the Guid are the same.

    .Net only has one, objectGuid.


    • #114096

      Points: 23
      Rank: Member

      Get-ADgroup returns an objectguid.

      Using the ADSI accelerator on the same object returns multiple guids.

      Are you saying that none of the GUIDs returned by ADSI are derived from the same source attribute as the one returned by get-adgroup?

      If not then its surely just a matter of formatting.

    • #114099

      Points: 23
      Rank: Member

      found the answer which was actually in my question so I mustve made a booboo somewhere.

      If ADSI returns the objectguid in a decimal byte array format then

      "new-object guid $group .objectguid"

      does indeed return the format as displayed in get-adgroup

    • #114102

      Points: 1,140
      Helping Hand
      Rank: Community Hero

      Glad to see you got things all worked out.

The topic ‘Convert ADSI objectguid to ad cmdlet objectguid’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort