different GUID formats in AD?

Andrew Bartlett abartlet at samba.org
Mon Apr 1 14:45:50 MDT 2013

On Mon, 2013-04-01 at 21:45 +0200, Gémes Géza wrote:
> Hi,
> Sorry if it is well known, I just didn't find a pointer.
> I try to figure out how smart card logon could be implemented using 
> Samba4 (I'm using ejbca as the CA, which has a procedure for Win DCs and 
> I try to adapt it).
> If I obtain the GUID of a (Samba 4.0.4) domain controller via ldbsearch:
> ldbsearch -H /usr/local/samba/private/sam.ldb cn=DC0 objectGUID
> I get:
> objectGUID: c848f583-71f2-435b-afb6-8d5c9df4ae58
> (which is what can be expected, according to:
> http://en.wikipedia.org/wiki/Globally_unique_identifier
> or
> http://msdn.microsoft.com/en-us/library/aa373931%28VS.85%29.aspx)
> however if I run the following vbscript (with command line argument DC0) 
> on a Windows 7 domain member:

> it gives:
> GUID: 83f548c8f2715b43afb68d5c9df4ae58
> DNS hostname: DC0.kzsdabas.hu
> I would be happy if anyone could give me a pointer why are the data1 and 
> data2 bytes swaped while data3 and data4 is in the original order.

The difference is that samba's tools convert the GUID into the standard
string format, while when you have obtained directly over LDAP you get
it in NDR format.  We do the same for SIDs.   

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list