Convert ADSI objectguid to ad cmdlet objectguid


I have retrieved an AD group object using the ADSI accelerator thus:

$group = [ADSI]"LDAP://groupdn"

When I run the command:

New-Object guid $group.objectguid

I get a guid: 3ab53fac-c574-4322-a604-b7de7bce7a16

However, when I run the AD cmdlet:

Get-adgroup groupdn

it returns an objectguid of : 47febe0b-ff55-4219-9530-0f14d897f6f4

How do I convert the ADSI objectguid 3ab53fac-c574-4322-a604-b7de7bce7a16 to the objectguid value returned by the AD cmdlets, please?


David Z


What are you trying to accomplish?

Why are you trying to exercise both as something different?

GUIDs are unique for the target object they are created for; you cannot convert a GUID from one to another.

Know what you are seeing is a representation of exactly the same object. One as .Net and the other as LDAP. Here's what you may need to come to grips with when it comes to GUIDs' proper taxonomy. Stick with one identifier or the other. The difference is in the formatting.

  • `DirectoryEntry.NativeGUID` is displayed in little-endian order (without dashes) which is how it's stored "natively" in the directory service and
  • `UserPrincipal.GUID/DirectoryEntry.GUID` is displayed in big-endian order (with dashes). See the Wikipedia article on Endianness for details.

So when you print out the value for NativeGUID (a string) it should not show any dashes (like your example does) unless you create a new GUID using the string as input (`Guid ng = new Guid(de.NativeGuid);`). That will create some confusion...

The important thing is not to mix the two when storing the GUIDs in an external data source or storing a NativeGUID as a big-endian GUID, if that is what you are after.

The `UserPrincipal.GUID/DirectoryEntry.GUID` is how the objectGUID attribute is displayed using most Windows management tools (such as Active Directory Users and Computers and ADSI Edit) and how it's stored and displayed in SQL Server when you'd use the `uniqueidentifier` data type.

LDAP/ADSI offers up 3 Guids: objectGUID, Guid, NativeGuid and the native Guid and the Guid are the same.

.Net only has one, objectGuid.


Get-ADgroup returns an objectguid.

Using the ADSI accelerator on the same object returns multiple guids.

Are you saying that none of the GUIDs returned by ADSI are derived from the same source attribute as the one returned by get-adgroup?

If not, then it's surely just a matter of formatting.

Found the answer, which was actually in my question, so I must've made a booboo somewhere.

If ADSI returns the objectguid in a decimal byte array format then

"new-object guid $group.objectguid"

does indeed return the format as displayed in Get-ADGroup

Glad to see you got things all worked out.
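
The byte-order point discussed in this thread, as an added example that is not part of the original posts: it takes the objectGUID value quoted in the question as a constructed sample (no directory connection), renders its 16 bytes in the dashless raw-byte form, converts that back through a byte array, and shows what happens when the raw hex is parsed directly as a GUID string. The function names are hypothetical, and the LDAP filter form goes slightly beyond what the thread covers.

```powershell
# Constructed sample: the objectGUID that Get-ADGroup displayed in the question.
# No directory connection is needed; with ADSI the bytes would come from
# $group.objectGUID.Value (a 16-byte array).
$display = [guid]'47febe0b-ff55-4219-9530-0f14d897f6f4'
$bytes   = $display.ToByteArray()      # 16 bytes in the stored byte order

function ConvertTo-NativeGuidString {
    # Raw bytes as hex, no dashes: the shape of DirectoryEntry.NativeGuid.
    param([Parameter(Mandatory)][byte[]]$Bytes)
    if ($Bytes.Length -ne 16) { throw "objectGUID must be 16 bytes, got $($Bytes.Length)" }
    -join ($Bytes | ForEach-Object { $_.ToString('x2') })
}

function ConvertFrom-NativeGuidString {
    # Hex string -> byte[] -> Guid. Going through the byte[] constructor keeps
    # the byte order; parsing the hex text directly as a GUID string does not.
    param([Parameter(Mandatory)][string]$Native)
    if ($Native -notmatch '^[0-9a-fA-F]{32}$') { throw 'expected 32 hex characters' }
    $raw = [byte[]]::new(16)
    for ($i = 0; $i -lt 16; $i++) {
        $raw[$i] = [Convert]::ToByte($Native.Substring($i * 2, 2), 16)
    }
    [guid]::new($raw)
}

function ConvertTo-LdapGuidFilter {
    # Escaped-byte form for an LDAP search filter on objectGUID.
    param([Parameter(Mandatory)][guid]$Guid)
    $escaped = -join ($Guid.ToByteArray() | ForEach-Object { '\' + $_.ToString('x2') })
    "(objectGUID=$escaped)"
}

$native    = ConvertTo-NativeGuidString $bytes
$roundTrip = ConvertFrom-NativeGuidString $native
# Direct parse treats the hex as display order, so the first three fields
# come out byte-swapped and the result names a different GUID.
$misparsed = [guid]$native

[pscustomobject]@{
    Display    = $display
    Native     = $native
    RoundTrip  = $roundTrip
    Misparsed  = $misparsed
    SameObject = ($roundTrip -eq $display)
    LdapFilter = ConvertTo-LdapGuidFilter $display
} | Format-List
```

When correlating identifiers across logs or an external data store, record which of the two forms each source uses before comparing them.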