different GUID formats in AD?

Gémes Géza geza at kzsdabas.hu
Mon Apr 1 23:19:18 MDT 2013

On 2013-04-01 22:45, Andrew Bartlett wrote:
> On Mon, 2013-04-01 at 21:45 +0200, Gémes Géza wrote:
>> Hi,
>> Sorry if it is well known, I just didn't find a pointer.
>> I try to figure out how smart card logon could be implemented using
>> Samba4 (I'm using ejbca as the CA, which has a procedure for Win DCs and
>> I try to adapt it).
>> If I obtain the GUID of a (Samba 4.0.4) domain controller via ldbsearch:
>> ldbsearch -H /usr/local/samba/private/sam.ldb cn=DC0 objectGUID
>> I get:
>> objectGUID: c848f583-71f2-435b-afb6-8d5c9df4ae58
>> (which is what can be expected, according to:
>> http://en.wikipedia.org/wiki/Globally_unique_identifier
>> or
>> http://msdn.microsoft.com/en-us/library/aa373931%28VS.85%29.aspx)
>> however if I run the following vbscript (with command line argument DC0)
>> on a Windows 7 domain member:
>> it gives:
>> GUID: 83f548c8f2715b43afb68d5c9df4ae58
>> DNS hostname: DC0.kzsdabas.hu
>> I would be happy if anyone could give me a pointer why are the data1 and
>> data2 bytes swapped while data3 and data4 are in the original order.
> The difference is that samba's tools convert the GUID into the standard
> string format, while when you have obtained directly over LDAP you get
> it in NDR format.  We do the same for SIDs.
> Andrew Bartlett
Thank you!

Will have a look then to obtain the NDR representation directly as 
apparently that needs to be put in the certificate.


Geza Gemes
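
Added example, not part of the original thread: a Python sketch of the conversion between the standard string format and the raw 16-byte form returned over LDAP, checked against the two values quoted above. The function names are made up for this illustration; the layout assumed is the GUID structure with Data1, Data2 and Data3 as little-endian integers and Data4 as a plain byte array.

```python
import re
import struct
import uuid

# Both values are quoted in the thread above.
STRING_FORM = "c848f583-71f2-435b-afb6-8d5c9df4ae58"
RAW_HEX = "83f548c8f2715b43afb68d5c9df4ae58"

_GUID_RE = re.compile(
    r"\{?([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{4})-([0-9a-f]{12})\}?",
    re.IGNORECASE,
)


def guid_string_to_ndr(text: str) -> bytes:
    """Canonical GUID string -> 16 bytes as stored in objectGUID."""
    m = _GUID_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a canonical GUID string: {text!r}")
    data1, data2, data3 = (int(g, 16) for g in m.group(1, 2, 3))
    data4 = bytes.fromhex(m.group(4) + m.group(5))
    # Data1 (uint32), Data2 and Data3 (uint16) are little-endian integers;
    # Data4 is an opaque 8-byte array, so its byte order never changes.
    return struct.pack("<IHH8s", data1, data2, data3, data4)


def guid_ndr_to_string(raw: bytes) -> str:
    """16 raw objectGUID bytes -> canonical lowercase GUID string."""
    if len(raw) != 16:
        raise ValueError(f"GUID must be 16 bytes, got {len(raw)}")
    data1, data2, data3, data4 = struct.unpack("<IHH8s", raw)
    return (f"{data1:08x}-{data2:04x}-{data3:04x}-"
            f"{data4[:2].hex()}-{data4[2:].hex()}")


if __name__ == "__main__":
    raw = guid_string_to_ndr(STRING_FORM)
    print("raw bytes  :", raw.hex())
    print("string form:", guid_ndr_to_string(bytes.fromhex(RAW_HEX)))
    # The standard library's bytes_le uses the same layout.
    print("uuid agrees:", uuid.UUID(STRING_FORM).bytes_le == raw)
```
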
