How to get ADUsers ObjectGUID as hexadecimal format using powershell

  • Question

  • Unable to get ObjectGUID in hexadecimal using Get-ADUser.

    I'm able to convert it using an LDAP query, but I have multiple accounts. So it would be great if anyone could help to get or convert ObjectGUID to hex format using PowerShell.


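    # Read the raw 16-byte objectGUID value through ADSI
    $guid = ([ADSI]'LDAP://CN=name,dc=dc,DC=com').Properties['objectguid'].item(0)
    $guidInHEX = [string]::Empty
    # X2 pads each byte to two hex digits; X alone drops leading zeros (0x0F becomes F)
    $guid | % { $guidInHEX += '{0:X2}' -f $_ }
    $guidInHEX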



    • Edited by Sarathi1012 Wednesday, September 18, 2019 11:07 AM
    Wednesday, September 18, 2019 10:46 AM

Answers

  • An object GUID is already in hex.

    To convert bytes to hex:

    PS C:\scripts> $b = [byte[]](0..15)
    PS C:\scripts> [bitconverter]::ToString($b)
    00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F
    PS C:\scripts>

    or

     [bitconverter]::ToString($b) -replace '-'


    \_(ツ)_/

    • Marked as answer by jrv Thursday, October 3, 2019 3:03 AM
    Wednesday, September 18, 2019 11:17 AM

All replies

  • To convert a guid byte array to a string guid:

    PS C:\scripts> $g = [guid]::NewGuid()
    PS C:\scripts> $g.Guid
    80bc962e-7daf-4063-8771-c3198e4a4a47
    
    # next we make a byte array
    PS C:\scripts> $b = $g.ToByteArray()
    
    # and convert it into a string guid.
    PS C:\scripts> [guid]$b
    
    Guid
    ----
    80bc962e-7daf-4063-8771-c3198e4a4a47


    \_(ツ)_/

    Wednesday, September 18, 2019 11:21 AM
  • @jrv When I'm using the command below, I'm not getting the value in hex

    PS C:\> Get-ADUser lucerbcd | Select-Object objectguid

    objectguid
    ----------
    df6ca40f-801e-4a87-aa33-8026609c0e86

    But in hex it is "0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86". Please help me to get this value directly.

    Wednesday, September 18, 2019 11:28 AM
  • That is because the order in the string is not the byte order. I recommend looking up what a guid is and how it is constructed and stored as bytes.

    It is in a different order and some bytes are flags, so you cannot convert it except by using the [guid] object.


    \_(ツ)_/

    Wednesday, September 18, 2019 11:33 AM
  • Ok. As part of user migration, we need to copy and paste objectGUID in hex format for multiple objects. Please let me know if we have any option to fulfill this requirement. I have tried my best but couldn't find any option other than manual copy.
    Wednesday, September 18, 2019 11:40 AM
  • Just use Get-AdUser to get the string guid. There is no need to use ADSI.  Why do you think you need to do this? The system knows what to do and returns the correct string guid.  We never use byte arrays converted to hex.


    \_(ツ)_/

    Wednesday, September 18, 2019 11:44 AM
  • Sarathy12, what you call the hex format is actually the byte array. The Get-ADUser cmdlet correctly converts the byte array into the standard hex GUID format.

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, September 18, 2019 11:56 AM
  • It may be the object that is causing confusion. Get-AdUser returns a "guid" object or type.

    $guid = Get-ADUser lucerbcd | Select-Object -expand objectguid
    $guid.ToString()

    This turns it into a string and this

    $guid.ToByteArray()

    Retrieves the byte array.

    If it is exported to a CSV then it will be automatically converted to a string.


    \_(ツ)_/


    • Edited by jrv Wednesday, September 18, 2019 12:09 PM
    Wednesday, September 18, 2019 12:08 PM

  • @Richard Mueller, thanks for your reply. My query is, for example when I use Get-ADUser I'm getting ObjectGUID is "df6ca40f-801e-4a87-aa33-8026609c0e86" but it should be "0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86"

     

    Wednesday, September 18, 2019 12:12 PM

  • @Richard Mueller, thanks for your reply. My query is, for example when I use Get-ADUser I'm getting ObjectGUID is "df6ca40f-801e-4a87-aa33-8026609c0e86" but it should be "0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86"

     

    A guid is not a hex array.  It is an object stored as a byte array that does NOT match the guid string.  You cannot migrate with a hexified byte array.  You must use the full guid or the guid string and convert it into a guid object.

    For migrations I recommend the Migration Toolkit as it automates all of this.  Many cheap third party tools do not work correctly or do not know how to migrate the guids for history.  The MT does this correctly and it is free for the download.


    \_(ツ)_/

    Wednesday, September 18, 2019 12:16 PM
  • Wednesday, September 18, 2019 12:19 PM
  • Here is the ADMT guide and examples https://www.microsoft.com/en-us/download/details.aspx?id=19188


    \_(ツ)_/

    Wednesday, September 18, 2019 12:20 PM
  • Thanks @Jrv, but already we are using Quest 
    Wednesday, September 18, 2019 1:13 PM
  • Thanks @Jrv, but already we are using Quest 

    What does that have to do with Quest? Quest is not a migration tool.  Also Quest is out of business.  What is left is just a shell and has not kept up with the newer system.  In any case the ADMT can still be used alongside of Quest.

    Quest is for provisioning and not useful for migrations.


    \_(ツ)_/


    • Edited by jrv Wednesday, September 18, 2019 1:18 PM
    Wednesday, September 18, 2019 1:17 PM
  • "0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86" is a byte array (a sequence of hexadecimal bytes). The equivalent GUID is "{df6ca40f-801e-4a87-aa33-8026609c0e86}".

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, September 18, 2019 1:49 PM
  • "0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86" is a byte array (a sequence of hexadecimal bytes). The equivalent GUID is "{df6ca40f-801e-4a87-aa33-8026609c0e86}".

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    I differ. A byte array is a sequence of binary bytes usually displayed as their integer equivalent.  A hex display of bytes is a string or array of strings.

    Nothing is ever stored in a computer in hex.  Internally it is all binary.  The display requires conversion to a string.

    Like this:

    $b = [byte[]](0..15)
    [bitconverter]::ToString($b)

    Which produces this:

    00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F


    \_(ツ)_/

    Wednesday, September 18, 2019 1:54 PM
  • We should also note that the GUID is stored in AD as a byte array. It is not stored as hex or as a string. PowerShell/ADWS converts this to a GUID using this method:

    $guidbytes # from AD
    [guid]$guidbytes

    This converts the bytes to a Net GUID object.

    As I posted above this can be converted to a hex string like this:

    [bitconverter]::ToString($guidbytes )


    \_(ツ)_/

    Wednesday, September 18, 2019 2:01 PM
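
The conversion discussed in this thread, as an added example that is not from any of the posters: it turns a GUID into its stored byte order as hex and back again, using the GUID value quoted above. The function names `ConvertTo-GuidHex` and `ConvertFrom-GuidHex` are hypothetical helpers, and the commented `Get-ADUser` line assumes the ActiveDirectory module is available.

```powershell
# Added example; ConvertTo-GuidHex / ConvertFrom-GuidHex are hypothetical helper names.
function ConvertTo-GuidHex {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [guid]$Guid,
        [string]$Separator = ' '
    )
    process {
        # ToByteArray() returns the 16 bytes in stored order: the first three
        # fields (4, 2 and 2 bytes) are little-endian, the last 8 are as printed.
        $bytes = $Guid.ToByteArray()
        # BitConverter always emits two hex digits per byte, so 0x0F stays "0F".
        [BitConverter]::ToString($bytes) -replace '-', $Separator
    }
}

function ConvertFrom-GuidHex {
    param([Parameter(Mandatory)][string]$Hex)
    # Accept "0F A4 ...", "0F-A4-..." or "0FA4..." by dropping non-hex characters.
    $clean = $Hex -replace '[^0-9A-Fa-f]'
    if ($clean.Length -ne 32) {
        throw "Expected 32 hex digits (16 bytes), got $($clean.Length)."
    }
    $bytes = [byte[]]::new(16)
    for ($i = 0; $i -lt 16; $i++) {
        $bytes[$i] = [Convert]::ToByte($clean.Substring($i * 2, 2), 16)
    }
    # Same cast the thread uses to turn stored bytes back into a GUID object.
    [guid]$bytes
}

# GUID string and byte sequence as quoted in the thread.
$guid     = [guid]'df6ca40f-801e-4a87-aa33-8026609c0e86'
$expected = '0F A4 6C DF 1E 80 87 4A AA 33 80 26 60 9C 0E 86'

$hex = ConvertTo-GuidHex $guid
"Hex in byte order : $hex"
"Matches thread    : $($hex -eq $expected)"
"Round trip        : $((ConvertFrom-GuidHex $hex) -eq $guid)"

# Escaped form for a binary match in an LDAP filter.
"LDAP filter       : (objectGUID=\$(ConvertTo-GuidHex $guid -Separator '\'))"

# For many accounts (requires the ActiveDirectory module):
# Get-ADUser -Filter * |
#     Select-Object SamAccountName, @{ n = 'GuidHex'; e = { ConvertTo-GuidHex $_.ObjectGUID } }
```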
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Thursday, October 3, 2019 2:53 AM