PowerShell Search AD by GUID

A question was posted on http://social.technet.microsoft.com/Forums/en/ITCG/thread/728c6aed-a3ef-4b6f-b5bc-28024251d5eb “I have GUID’s from event log’s and such that I need to be able to take and convert to a human readable name”

PowerShell can do this with the RSAT tools or the Quest AD cmdlets have this functionality built in, but I like doing things the hard way.

So, I answered the question with my own version of a Get-ADObject script.

To prevent conflicts, I call my script Get-ADObjectByGUID.ps1

The hardest part was converting the GUID to the escaped form as referenced by Richard Mueller of Hilltop Lab fame. I’ve been a fan of Richard’s stuff for nearly a decade – if you are at all into ADSI scripting, I’d suggest you start there.

My first attempt at converting the GUID was the following:

001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016

function EscapeGuid {     $GuidParts = $GUID.Split(“-“)     #Reverse only the first three parts     $Reverse = $GuidParts[0].ToCharArray()[($GuidParts[0].Length–1)..0] + $GuidParts[1].ToCharArray()[($GuidParts[1].Length–1)..0] + $GuidParts[2].ToCharArray()[($GuidParts[2].Length–1)..0]      $Rest = $GuidParts[3].ToCharArray() + $GuidParts[4].ToCharArray()     for ($inc =0; $inc -lt $Reverse.Length; $inc+=2)     {         $EscapedGUID = $EscapedGUID + “\” + $Reverse[$inc+1] + $Reverse[$inc]      }     for ($inc =0; $inc -lt $Rest.Length; $inc+=2)     {         $EscapedGUID = $EscapedGUID + “\” + $Rest[$inc] + $Rest[$inc+1]      }     return $EscapedGUID }

Which worked, but was more lines than I wanted.

My second attempt was a little better, but way too convoluted. (Line 004 is 464 characters!)

001 002 003 004 005 006

function EscapeGuid {     $guid = $guid.Split(“-“)     $EscapedGuid = “\”+$guid[0].Substring(6,2)+“\”+$guid[0].Substring(4,2)+“\”+$guid[0].Substring(2,2)+“\”+$guid[0].Substring(0,2)+“\”+$guid[1].Substring(2,2)+“\”+$guid[1].Substring(0,2)+“\”+$guid[2].Substring(2,2)+“\”+$guid[2].Substring(0,2)+“\”+$guid[3].Substring(0,2)+“\”+$guid[3].Substring(2,2)+“\”+$guid[4].Substring(0,2)+“\”+$guid[4].Substring(2,2)+“\”+$guid[4].Substring(4,2)+“\”+$guid[4].Substring(6,2)+“\”+$guid[4].Substring(8,2)+“\”+$guid[4].Substring(10,2)     return $EscapedGUID }

 

My third attempt is a far simpler function:

001 002 003 004 005 006 007

function EscapeGuid {  $match = “(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})”  $Pattern = ‘”\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16″‘ $EscapedGUID = [regex]::Replace($guid.replace(“-“,“”), $match, $Pattern).Replace(“`””,“”) return $EscapedGUID }

 

Much nicer 🙂

The whole script is:

001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079 080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095 096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111 112

# #.SYNOPSIS # This script finds an Active Directory object by GUID. #.DESCRIPTION # This script searches the default (or specified) domain for an AD Object based upon a GUID or GUID’s entered. #.NOTES # File Name : Get-ADObjectByGUID.ps1 # Author : Karl Mitschke # Requires : PowerShell Version 2.0 #.LINK # This script posted to: # https://unlockpowershell.wordpress.com #.EXAMPLE # Get-ADObjectByGuid <guid>,<guid> # Description # ———– # This command searches the default domain for the entered GUID’s #.EXAMPLE # <guid>,<guid> | Get-ADObjectByGuid # Description # ———– # This command searches the default domain for the entered GUID’s #.EXAMPLE # Get-Content guids.txt | Get-ADObjectByGUID.ps1 # Description # ———– # This command gets a list of GUIDS from a file, and searches for each GUID in the default domain. #.EXAMPLE # Get-Content guids.txt | Get-ADObjectByGUID.ps1 -Domain contoso.com # Description # ———– # This command gets a list of GUIDS from a file, and searches for each GUID in the contoso.com domain. # #.PARAMETER Domain # The Domain to search (Optional). #.PARAMETER GUIDS # The GUID(s) to search for (Required). #.INPUTS # One or more GUID’s are required. # The Domain name to search is optional. If not specified, the script will search the current domain. #.OUTPUTS # This script outputs the GUID and Name of an AD Object. # If the GUID is not found, the script outputs the GUID and a message indicating that the GUID is not found on the domain. # param (  [Parameter( Position = 0, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = “An array of GUID’s.” )] [string[]]$GUIDS, [Parameter( Position = 1, ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false, HelpMessage = “The domain to search.” )] [string]$Domain ) BEGIN{ } PROCESS{ function EscapeGuid { #finally $match = “(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})” $Pattern = ‘”\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16″‘ $EscapedGUID = [regex]::Replace($guid.replace(“-“,“”), $match, $Pattern).Replace(“`””,“”) return $EscapedGUID } $Objects = @() foreach($GUID in $GUIDS) { if ($GUID -match(“^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$”)) { $EscapedGUID = EscapeGuid if (!$Domain) { $Root = [ADSI]” } else { $Root = [ADSI]“LDAP://$Domain” } $searcher = new-object System.DirectoryServices.DirectorySearcher($root) $searcher.filter = “(objectGUID=$EscapedGUID)” $Object = $searcher.FindOne() if ($Object) { $Objects += $guid + ” is “ + $Object.Properties.name } else { $Objects += $guid + ” is not found on “ + $searcher.SearchRoot.Name[0] } } else { Write-Output “$GUID is not a valid GUID. Valid GUID’s are in the format ‘xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'” } } $Objects } END{ }

Advertisement