PowerShell Search AD by GUID


A question was posted on http://social.technet.microsoft.com/Forums/en/ITCG/thread/728c6aed-a3ef-4b6f-b5bc-28024251d5eb “I have GUID’s from event log’s and such that I need to be able to take and convert to a human readable name”

PowerShell can do this with the RSAT tools or the Quest AD cmdlets have this functionality built in, but I like doing things the hard way.

So, I answered the question with my own version of a Get-ADObject script.

To prevent conflicts, I call my script Get-ADObjectByGUID.ps1

The hardest part was converting the GUID to the escaped form as referenced by Richard Mueller of Hilltop Lab fame. I’ve been a fan of Richard’s stuff for nearly a decade – if you are at all into ADSI scripting, I’d suggest you start there.

My first attempt at converting the GUID was the following:

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
function EscapeGuid
{
    $GuidParts = $GUID.Split(“-“)
    #Reverse only the first three parts
    $Reverse = $GuidParts[0].ToCharArray()[($GuidParts[0].Length1)..0] + $GuidParts[1].ToCharArray()[($GuidParts[1].Length1)..0] + $GuidParts[2].ToCharArray()[($GuidParts[2].Length1)..0] 
    $Rest = $GuidParts[3].ToCharArray() + $GuidParts[4].ToCharArray()
    for ($inc =0; $inc -lt $Reverse.Length; $inc+=2)
    {
        $EscapedGUID = $EscapedGUID + “\” + $Reverse[$inc+1] + $Reverse[$inc] 
    }
    for ($inc =0; $inc -lt $Rest.Length; $inc+=2)
    {
        $EscapedGUID = $EscapedGUID + “\” + $Rest[$inc] + $Rest[$inc+1] 
    }
    return $EscapedGUID
}

Which worked, but was more lines than I wanted.

My second attempt was a little better, but way too convoluted. (Line 004 is 464 characters!)

001
002
003
004
005
006
function EscapeGuid
{
    $guid = $guid.Split(“-“)
    $EscapedGuid = “\”+$guid[0].Substring(6,2)+“\”+$guid[0].Substring(4,2)+“\”+$guid[0].Substring(2,2)+“\”+$guid[0].Substring(0,2)+“\”+$guid[1].Substring(2,2)+“\”+$guid[1].Substring(0,2)+“\”+$guid[2].Substring(2,2)+“\”+$guid[2].Substring(0,2)+“\”+$guid[3].Substring(0,2)+“\”+$guid[3].Substring(2,2)+“\”+$guid[4].Substring(0,2)+“\”+$guid[4].Substring(2,2)+“\”+$guid[4].Substring(4,2)+“\”+$guid[4].Substring(6,2)+“\”+$guid[4].Substring(8,2)+“\”+$guid[4].Substring(10,2)
    return $EscapedGUID
}

 

My third attempt is a far simpler function:

001
002
003
004
005
006
007
function EscapeGuid
{
 $match = “(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})”
 $Pattern = ‘”\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16″‘
$EscapedGUID = [regex]::Replace($guid.replace(“-“,“”), $match, $Pattern).Replace(“`””,“”)
return $EscapedGUID
}

 

Much nicer 🙂

The whole script is:

001
002
003
004
005
006
007
008
009
010
011
012
013
014
015
016
017
018
019
020
021
022
023
024
025
026
027
028
029
030
031
032
033
034
035
036
037
038
039
040
041
042
043
044
045
046
047
048
049
050
051
052
053
054
055
056
057
058
059
060
061
062
063
064
065
066
067
068
069
070
071
072
073
074
075
076
077
078
079
080
081
082
083
084
085
086
087
088
089
090
091
092
093
094
095
096
097
098
099
100
101
102
103
104
105
106
107
108
109
110
111
112
#
#.SYNOPSIS
# This script finds an Active Directory object by GUID.
#.DESCRIPTION
# This script searches the default (or specified) domain for an AD Object based upon a GUID or GUID’s entered.
#.NOTES
# File Name : Get-ADObjectByGUID.ps1
# Author : Karl Mitschke
# Requires : PowerShell Version 2.0
#.LINK
# This script posted to:
# https://unlockpowershell.wordpress.com
#.EXAMPLE
# Get-ADObjectByGuid <guid>,<guid>
# Description
# ———–
# This command searches the default domain for the entered GUID’s
#.EXAMPLE
# <guid>,<guid> | Get-ADObjectByGuid
# Description
# ———–
# This command searches the default domain for the entered GUID’s
#.EXAMPLE
# Get-Content guids.txt | Get-ADObjectByGUID.ps1
# Description
# ———–
# This command gets a list of GUIDS from a file, and searches for each GUID in the default domain.
#.EXAMPLE
# Get-Content guids.txt | Get-ADObjectByGUID.ps1 -Domain contoso.com
# Description
# ———–
# This command gets a list of GUIDS from a file, and searches for each GUID in the contoso.com domain.
#
#.PARAMETER Domain
# The Domain to search (Optional).
#.PARAMETER GUIDS
# The GUID(s) to search for (Required).
#.INPUTS
# One or more GUID’s are required.
# The Domain name to search is optional. If not specified, the script will search the current domain.
#.OUTPUTS
# This script outputs the GUID and Name of an AD Object.
# If the GUID is not found, the script outputs the GUID and a message indicating that the GUID is not found on the domain.
#

param ( 
[Parameter(
Position = 0,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Mandatory = $true,
HelpMessage = “An array of GUID’s.”
)]
[string[]]$GUIDS,
[Parameter(
Position = 1,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $true,
Mandatory = $false,
HelpMessage = “The domain to search.”
)]
[string]$Domain
)
BEGIN{
}
PROCESS{
function EscapeGuid
{
#finally
$match = “(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})”
$Pattern = ‘”\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16″‘
$EscapedGUID = [regex]::Replace($guid.replace(“-“,“”), $match, $Pattern).Replace(“`””,“”)
return $EscapedGUID
}
$Objects = @()
foreach($GUID in $GUIDS)
{
if ($GUID -match(“^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$”))
{
$EscapedGUID = EscapeGuid
if (!$Domain)
{
$Root = [ADSI]
}
else
{
$Root = [ADSI]“LDAP://$Domain”
}
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = “(objectGUID=$EscapedGUID)”
$Object = $searcher.FindOne()
if ($Object)
{
$Objects += $guid + ” is “ + $Object.Properties.name
}
else
{
$Objects += $guid + ” is not found on “ + $searcher.SearchRoot.Name[0]
}
}
else
{
Write-Output “$GUID is not a valid GUID. Valid GUID’s are in the format ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'”
}
}
$Objects
}
END{
}

Advertisements
  1. #1 by MOW on July 22, 2010 - 23:23

    an even smaller option 😉

    “\” + ((([GUID]$guid).ToByteArray() |% {“{0:x}” -f $_}) -join ‘\’)

    Greetings MOW

  2. #3 by Greg on May 19, 2011 - 07:55

    Thanks for the script, very useful. one small error, extra quote on line 113

    • #4 by Karl Mitschke on August 23, 2011 - 08:27

      Thanks, Greg;

      I only show 112 lines in this verdion, can you tell me which one you are referring to?

      Karl

      • #5 by John Kane on July 17, 2012 - 09:56

        $Root = [ADSI]”

        should be

        $Root = [ADSI]”” instead

        Apart from that the script is awesome thanks,

      • #6 by Karl Mitschke on July 17, 2012 - 10:11

        Thanks, John!

        I have some issues with pasting quotes which I am trying to overcome.

        Karl

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: