objectGUID search

Discussion in 'Active Directory' started by Benoit, Sep 14, 2007.

  1. Benoit

    Benoit Guest


    i try to find who or which Active directory object belongs a given objectGUID.
    i use LDP tool but i'm unable to query this.

    if i use such a filter, the query works : (objectGUID=*)
    but when i use this kind of query, i can't get any result:

    Could anyone help me to make this kind of query.
    Benoit, Sep 14, 2007
  2. Benoit

    Joe Kaplan Guest

    The value you provided isn't even a valid GUID (the last part is only 11 hex
    characters instead of the required 12), but if it was (lets pretend and add
    a 0 to make it valid), then the filter string would look like this:


    For this GUID:


    Essentially, you need to take the COM string GUID that you have, convert it
    to a binary GUID and then convert that binary data to an octet string with
    each binary byte prefixed by a \ as shown above.

    If you need help with doing that, there is a small .NET utility posted on
    the files section of www.directoryprogramming.net called GUIDConverter that
    does these conversions for you.

    Joe K.
    Joe Kaplan, Sep 14, 2007
  3. Benoit

    Wayne Tilton Guest

    If you have the GUID you don't need to search, you can bind directly to
    the object (if it exists). If you're using ADSI use:


    To do the same thing with other tools, e.g., adfind, it would be:

    adfind -b "<GUID=889fefba-e8dd-465e-9bf8-0e0c41129d4>"


    Wayne Tilton
    Wayne Tilton, Sep 17, 2007
  4. Benoit

    Benoit Guest

    First, i'd like to Thank you Joe for your help and your good idea to have
    given the link of the converter(very useful).

    unfortunately, my Ldp search still doesn't work :

    ldap_search_s(ld, "DC=spheria,DC=fr", 2,
    "(objectGUID=\0D\21\CB\F3\F9\EB\45\4C\84\25\54\96\D7\BA\48\F2)", attrList,
    0, &msg)
    Error: Search: Référence. <10>
    Server error: 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
    ref 1: 'spheria.fr'

    Result <10>: 0000202B: RefErr: DSID-0310063C, data 0, 1 access points
    ref 1: 'spheria.fr'

    Matched DNs:
    Getting 0 entries:

    have any idea about this error ?

    I note that the guid i used for this request exists in my AD, but i still
    can't find it using LDP ???
    Benoit, Sep 17, 2007
  5. Benoit

    Benoit Guest

    Thank you for your help Wayne, i'll try your way ASAP and post the result back.
    Benoit, Sep 17, 2007
  6. Benoit

    Joe Kaplan Guest

    The problem there isn't your filter, it is your search base. You are
    getting a referral returned from the server. Are you sure that the search
    base you specified is the NC root for that domain controller? I'd suggest
    copying the value published in the defaultNamingContext attribute from the
    RootDSE object that ldp.exe displays when it first connects to the server.

    Also, like Wayne said, you can bind directly to the object with the GUID DN
    string. To do that in ldp.exe, paste the string


    into the "View | Tree" dialog. It will do the same thing as searching by
    the GUID with a filter.

    If you need to search forest wide, connect to a GC instead and do a subtree
    search with a null base DN.

    Joe K.
    Joe Kaplan, Sep 17, 2007
