O R G A N I C / F E R T I L I Z E R: searching for an object by guid in active directory

Sep 3, 2013

searching for an object by guid in active directory

before we get started, why the need for this? well, you can’t straight up search active directory for an object with a guid that looks like this: {af966e8e-7aee-4c0f-b0c8-1985de37c276}. this is referred to as “registry format.” the objectguid attribute is stored as a 16-byte binary value, so the search filter needs those bytes rather than the string. there are two ways to do this as i will illustrate below.

 

the short way

adfind -binenc -f "objectguid={{GUID:af966e8e-7aee-4c0f-b0c8-1985de37c276}}"

handles all the conversions quite nicely as long as you specify the correct type.

 

the long way

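# parse the guid string into a [guid] object
$myGUID = [guid]'af966e8e-7aee-4c0f-b0c8-1985de37c276'
# hex-encode each of the 16 bytes, zero-padded to two characters, and join them
$myGUIDhex = -join ($myGUID.ToByteArray() | % { $_.tostring("X").padleft(2,"0")})
# put a backslash in front of every byte pair so the ldap filter treats it as binary
$myGUIDhex = $myGUIDhex -replace '(..)','\$1'
# search with the escaped value
get-qadobject -ldapfilter "(objectguid=$myGUIDhex)"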

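switches the guid to hex and builds a value that looks like 8E6E96AFEE7A0F4CB0C81985DE37C276 and eventually \8E\6E\96\AF\EE\7A\0F\4C\B0\C8\19\85\DE\37\C2\76 which is used in the search filter. note that the bytes are not simply the guid string with the dashes removed: ToByteArray() returns the first three groups in little-endian order (af966e8e becomes 8E6E96AF), while the last two groups keep their order.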
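
the long way wrapped into two reusable functions, as an added example that is not part of the original post: one builds the escaped filter from a guid string, the other turns an escaped value (for instance one copied from a logged ldap query) back into registry format. the function names are hypothetical and the [type]::new() syntax assumes powershell 5 or later.

```powershell
# added example, not code from the original post; function names are hypothetical.

function ConvertTo-LdapGuidFilter {
    param([Parameter(Mandatory)][string]$Guid)
    # [guid]::Parse accepts registry format ({...}) and the bare form and throws
    # on anything else, so no unvalidated text ends up inside the filter string.
    $g = [guid]::Parse($Guid)
    # ToByteArray() returns the first three groups little-endian; each byte is
    # written as a backslash followed by two hex digits.
    $escaped = -join ($g.ToByteArray() | ForEach-Object { '\{0:X2}' -f $_ })
    "(objectguid=$escaped)"
}

function ConvertFrom-LdapGuidBytes {
    param([Parameter(Mandatory)][string]$Escaped)
    # accept either \8E\6E... or the plain hex string 8E6E...
    $hex = $Escaped -replace '\\', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{32}$') {
        throw "expected exactly 16 hex-encoded bytes"
    }
    $bytes = [byte[]]::new(16)
    for ($i = 0; $i -lt 16; $i++) {
        $bytes[$i] = [Convert]::ToByte($hex.Substring($i * 2, 2), 16)
    }
    # the byte[] constructor reverses the little-endian groups again;
    # 'B' formats the result with braces, i.e. registry format.
    ([guid]::new($bytes)).ToString('B')
}

# sample values are the ones used in this post
$filter = ConvertTo-LdapGuidFilter '{af966e8e-7aee-4c0f-b0c8-1985de37c276}'
$filter
ConvertFrom-LdapGuidBytes '\8E\6E\96\AF\EE\7A\0F\4C\B0\C8\19\85\DE\37\C2\76'

# the filter string can then be passed to -ldapfilter as in the long way above
```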

 

learned a few things here. first, adfind continues to rock. never used the -binenc switch before. second, never used -join in powershell. third, never had the occasion to use $1 variables in regex. all great stuff.

thanks to this article.