0

We have active directory syncronization setup between our on-premises AD server and Microsoft hosted Exchange (business productivity online services).

I've started getting a daily error report, which details an error for a specific AD user, however it references it by GUID. I can't find any info on how to translate that object guid into something meaningful so I can find and fix the problem.

The error is reported as:

Error 005: Unable to set the alias for this object in Microsoft Online Services because either the primary SMTP address, the e-mail nickname, or the SAM account name in the local Active Directory contains an invalid character.

in reference to the Object GUID:

CN={8443cbb4-5199-49f0-9529-ce965430dca6}

How can I translate that object guid into a friendly object name?

1 Answers1

1

User objects do have an attribute named 'ObjectGUID'. I believe this is fetchable with a command similar to the following:

dsquery * dc=your,dc=domain -scope sub -filter (ObjectGUID={8443cbb4-5199-49f0-9529-ce965430dca6})

I'm not 100% sure of how to query a GUID, but it should be possible. I can't double-check right now.

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
  • Thanks for that - didn't know about `dsquery`. I wasn't able to work out how to query by ObjectGUID, but since we've got a relatively small userlist I was able to get a list of users, with the sAMAccountName and ObjectGUID attributes and just lookup the guid from that list in excel. – Michael Shimmins Jan 30 '11 at 05:58
  • @MichaelShimmins We've had dsquery since WinXP, but I didn't know about it until I started futzing with Vista :P. – sysadmin1138 Jan 30 '11 at 06:04