Searching for a objectGUID in AD

Question

I'm using the Active Directory Explorer from Mark Russinovich. It is a great tool.

I'm using it to navigate active directory to make sure my program that uses DirectorySearcher from .NET returns correct data.

Something happens though, when I try to search inside my program with DirectorySearcher for objectGUID, if I pass in the actual GUID as a string it doesn't return anything, where as if I use Active Directory Explorer, when I add

objectGuid with value f8d764ff-9a6a-418e-a641-b6f99661a8d5, its search clause becomes: (objectGUID=\FFd\D7\F8j\9A\8EA\A6A\B6\F9\96a\A8\D5*)

How do I do this for directorySearcher in my program, I'm guessign it's an octet string thing, but I can't figure it out.

Answer 1

...
searcher.PropertiesToLoad.Add("objectGUID");

SearchResultCollection found = found = searcher.FindAll();

foreach (SearchResult result in found)
{
   Guid oGuid = new Guid((byte[])result.Properties["objectGUID"][0]);
}
...

Answer 2

To get an Octet String usable by ADExplorer, apply these steps to the GUID string:

• first uppercase the GUID:

F8D764FF-9A6A-418E-A641-B6F99661A8D5

• split it on each dash into five parts:

F8D764FF, 9A6A, 418E, A641, B6F99661A8D5

• split each part into bytes (two hex digits each):

{F8, D7, 64, FF}, {9A, 6A}, {41, 8E}, {A6, 41}, {B6, F9, 96, 61, A8, D5}

• reverse the bytes of the first three parts:

{FF, 64, D7, F8}, {6A, 9A}, {8E, 41}, {A6, 41}, {B6, F9, 96, 61, A8, D5}

• disregard the division into parts:

FF, 64, D7, F8, 6A, 9A, 8E, 41, A6, 41, B6, F9, 96, 61, A8, D5

• prepend a backslash to every byte:

\FF, \64, \D7, \F8, \6A, \9A, \8E, \41, \A6, \41, \B6, \F9, \96, \61, \A8, \D5

• concatenate the bytes:

\FF\64\D7\F8\6A\9A\8E\41\A6\41\B6\F9\96\61\A8\D5