searching for an object by guid in active directory

before we get started, why the need for this? well, you can’t straight up search active directory for an object with a guid that looks like this: {af966e8e-7aee-4c0f-b0c8-1985de37c276}. this is referred to as “registry format.” there are two ways to do this as i will illustrate below.

 

the short way

adfind -binenc -f "objectguid={{GUID:af966e8e-7aee-4c0f-b0c8-1985de37c276}}"

handles all the conversions quite nicely as long as you specify the correct type.

 

the long way

$myGUID = [guid]'af966e8e-7aee-4c0f-b0c8-1985de37c276'
$myGUIDhex = –join ($myGUID.ToByteArray() | % { $_.tostring("X").padleft(2,"0")})
$myGUIDhex = $myGUIDhex -replace '(..)','\$1'
get-qadobject –ldapfilter "(objectguid=$myGUIDhex)"

switches the guid to hex and builds an value that looks like 8E6E96AFEE7A0F4CB0C81985DE37C276 and eventually \8E\6E\96\AF\EE\7A\0F\4C\B0\C8\19\85\DE\37\C2\76 which is used in the search filter.

 

learned a few things here. first, adfind continues to rock. never used the –binenc switch before. second, never used –join in powershell. third, never had the occasion to use $1 variables in regex. all great stuff.

thanks to this article.