Convert ADSI objectguid to ad cmdlet objectguid


This topic contains 4 replies, has 2 voices, and was last updated by Participant 2 months ago.

  • #114091

    Participant
    Points: 23
    Rank: Member

    Hi,

    I have retrieved an ad group object using the adsi accelerator thus:

    $group = [ADSI]"LDAP://groupdn"

    When I run the command:

    New-Object guid $group.objectguid

    I get a guid:  3ab53fac-c574-4322-a604-b7de7bce7a16

    However when I run the ad cmdlet:

    Get-adgroup groupdn

    it returns an objectguid of : 47febe0b-ff55-4219-9530-0f14d897f6f4

    How do I convert the ADSI objectguid 3ab53fac-c574-4322-a604-b7de7bce7a16 to the objectguid value returned by the ad cmdlets please?

    Thanks

    David Z

     

  • #114094

    Participant
    Points: 322
    Helping Hand
    Rank: Contributor

    What are you trying to accomplish?

    Why are you trying to exercise both as something different?

    GUIDs are unique for the target object they are created for; you cannot convert a GUID from one to another.

    Know what you are seeing is a representation of exactly the same object. One as .Net and the other as LDAP. Here's what you may need to come to grips with when it comes to GUIDs' proper taxonomy. Stick with one identifier or the other. The difference is in the formatting.

    • `DirectoryEntry.NativeGUID` is displayed in little-endian order (without dashes) which is how it's stored "natively" in the directory service and
    • `UserPrincipal.GUID/DirectoryEntry.GUID` is displayed in big-endian order (with dashes). See the Wikipedia article on Endianness for details.

    So when you print out the value for NativeGUID (a string) it should not show any dashes (like your example does) unless you create a new GUID using the string as input (`Guid ng = new Guid(de.NativeGuid);`). That will create some confusion...

    The important thing is not to mix the two when storing the GUIDs in an external data source or storing a NativeGUID as a big-endian GUID, if that is what you are after.

    The UserPrincipal.GUID/DirectoryEntry.GUID is how the objectGUID attribute is displayed using most Windows management tools (such as Active Directory Users and Computers and ADSI Edit) and how it's stored and displayed in SQL Server when you'd use the `uniqueidentifier` data type.

    LDAP/ADSI offers up 3 Guids: objectGUID, Guid, NativeGuid and the native Guid and the Guid are the same.

    .Net only has one, objectGuid.

     

    • #114096

      Participant
      Points: 23
      Rank: Member

      Get-ADgroup returns an objectguid.

      Using the ADSI accelerator on the same object returns multiple guids.

      Are you saying that none of the GUIDs returned by ADSI are derived from the same source attribute as the one returned by get-adgroup?

      If not then it's surely just a matter of formatting.

    • #114099

      Participant
      Points: 23
      Rank: Member

      Found the answer, which was actually in my question, so I must've made a booboo somewhere.

      If ADSI returns the objectguid in a decimal byte array format then

      "new-object guid $group.objectguid"

      does indeed return the format as displayed in get-adgroup

    • #114102

      Participant
      Points: 322
      Helping Hand
      Rank: Contributor

      Glad to see you got things all worked out.
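
Added example, not part of any post in this thread: it shows how the 16 stored objectGUID bytes, the dash-less hex form that `NativeGuid` uses, and the dashed GUID string relate, and why parsing the hex text directly as a GUID gives a different value. The byte array is constructed from the GUID that Get-ADGroup printed in the question rather than read from a directory, and the function names are hypothetical.

```powershell
# Constructed sample: the 16 raw bytes the objectGUID attribute would hold for
# the GUID that Get-ADGroup displayed in the question. No directory is queried.
$displayed = [guid]'47febe0b-ff55-4219-9530-0f14d897f6f4'
[byte[]]$raw = $displayed.ToByteArray()

function ConvertTo-HexString {
    # Hypothetical helper: bytes in storage order, two hex digits each, no dashes
    param([Parameter(Mandatory)][byte[]]$Bytes)
    -join ($Bytes | ForEach-Object { $_.ToString('x2') })
}

function ConvertFrom-ObjectGuidBytes {
    # Hypothetical helper: raw attribute bytes -> System.Guid
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -ne 16) {
        throw "objectGUID must be 16 bytes, got $($Bytes.Length)"
    }
    # The byte[] constructor reads the first three fields (4, 2 and 2 bytes)
    # as little-endian and keeps the remaining 8 bytes in stored order.
    [guid]::new($Bytes)
}

function ConvertFrom-NativeGuidString {
    # Hypothetical helper: dash-less hex in storage order -> System.Guid
    param([Parameter(Mandatory)][string]$Hex)
    if ($Hex -notmatch '^[0-9a-fA-F]{32}$') {
        throw 'Expected exactly 32 hex digits'
    }
    # Rebuild the byte array first, then let the byte[] constructor reorder.
    [byte[]]$decoded = for ($i = 0; $i -lt 32; $i += 2) {
        [Convert]::ToByte($Hex.Substring($i, 2), 16)
    }
    [guid]::new($decoded)
}

$storedHex = ConvertTo-HexString -Bytes $raw

[pscustomobject]@{
    StoredHex        = $storedHex
    FromBytes        = ConvertFrom-ObjectGuidBytes -Bytes $raw
    FromHexViaBytes  = ConvertFrom-NativeGuidString -Hex $storedHex
    # Pitfall: parsing the hex as GUID text skips the field reordering,
    # so this value does not match the two above.
    HexParsedAsText  = [guid]$storedHex
    MatchesDisplayed = (ConvertFrom-NativeGuidString -Hex $storedHex) -eq $displayed
} | Format-List
```

When correlating directory objects across tools or logs, compare either raw bytes or the `System.Guid` built from those bytes, never the hex text parsed as a GUID string.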
