Search AD by GUID

Question

How do I search Active Directory for objects by GUID? In other words, what would be a good way to find what objects belong to specified GUIDs?

Answer 1

Either on a DC or install RSAT and enable AD Tools:

Open "Active Director Module for Windows PowerShell" (find it in with the other Admin tools)

get-aduser -id {guid}

Or for any object:

get-adobject -id {guid}

Might want to pipe it through a format-list to make it readable:

get-adobject -id {guid} | fl

Answer 2

Using Powershell and the QuestAD cmdlets, the following code returns my user account based on my guid.

$Guid = "d65e4578-475a-422e-ac99-123456789012"

Get-QADUser -IncludeAllProperties|Where {$_.guid -eq $Guid}

Not the most efficient manner since it loads all objects from AD while doing the search, but it worked for me.

Answer 3

ADSI is installed by default on Windows.

Does not require installing any additional modules.

Powershell Example:

# define constants
$LDAPserver = "DeathStar.Empire.Galactic"
$GetItem  = "GUID=d65e4578-475a-422e-ac99-123456789012"

# use this if you have a SID
# $GetItem  = "SID=S-1-1-555-423432-437584356"

# Get the Distinguished Name
$DistinguishedName = $([ADSI]"LDAP://$($LDAPserver)/<$($GetItem)>").DistinguishedName

# Use the distinguished name to fetch the actual object
$Searcher = [ADSISearcher] ([ADSI] "LDAP://$(LDAPserver)")
$Searcher.Filter = "(&(objectCategory=Person)(DistinguishedName=$($DistinguishedName)))"
$AdsiObject = $Searcher.FindAll()

# Get the ADSI object properties
$AdsiObject.properties

Answer 4

$guid = "d65e4578-475a-422e-ac99-123456789012"

foreach ($dom in (Get-adforest).Domains) { Get-ADObject -filter {ObjectGUID -eq $guid } -Properties * -Server $dom | fl }