You are missing the closing ">". Regarding the question on GUID binding syntax, 2K supports both octet string and "COM" GUID style with dashes. Just don't get them mixed up. The octet string is NOT the same as the COM GUID with no dashes.
bcd3e267-50ff-4780-afd6-d1bb3785ada5 and 67E2D3BCFF508047AFD6D1BB3785ADA5 are equivalent. Note the change of byte order on the first DWORD and the first 2 WORDs. Also, you can search by GUID and use them in LDIF files (generally for creating schema with fixed schemaIDGUID): (objectGUID=\67\E2\D3\BC\FF\50\80\47\AF\D6\D1\BB\37\85\AD\A5) and Z+LTvP9QgEev1tG7N4WtpQ== For the Base64 that LDIF requires. With SID binding, 2003 supports SDDL format and octet string, but 2K supports octet string only. HTH, Joe K. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, April 07, 2005 5:55 PM To: [email protected] Subject: RE: [ActiveDir] GUID resolution I'm running win2k sp4 in mixed mode. heres the result i get from prepending "GUID"- ldap_search_s(ld, "<GUID=c47ca389-0832-41bc-8030-3e0c7fd13674", 1, "(objectclass=*)", attrList, 0, &msg) Error: Search: Invalid DN Syntax. <34> Result <34>: 0000208F: NameErr: DSID-031001AA, problem 2006 (BAD_NAME), data 8350, best match of: '<GUID=c47ca389-0832-41bc-8030-3e0c7fd13674' Matched DNs: Getting 0 entries: Thanks -----Original Message----- From: Dean Wells [mailto:[EMAIL PROTECTED] Sent: Thursday, April 07, 2005 5:54 PM To: Send - AD mailing list Subject: RE: [ActiveDir] GUID resolution I'm guessing you mean "octet string" ... if so and if I understand what you're asking, not really ... <GUID=> and <SID=> are little more than hard-coded bits of server-side intelligence ... am I even answering your question? -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Thursday, April 07, 2005 5:45 PM To: [email protected] Subject: RE: [ActiveDir] GUID resolution Seems you can also use that syntax <GUID=xxxx> as the argument to -b in ADFIND, which makes sense, and is nice to know. Is this because that attribute's syntax is an Octal string? I'm just curious...not knowing too much about the way these things are stored! Thanks! -DaveC Reuters CIO Infrastructure -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells Sent: Thursday, April 07, 2005 5:22 PM To: Send - AD mailing list Subject: RE: [ActiveDir] GUID resolution Noticed you said you're using 2K ... dashes are of no concern, at least to 2K3 ... don't have 2K directory handy to test right now. Either way, can't even remember if the <GUID=blah> base is supported on 2K ... assuming it is, you missed the <GUID= from the beginning of the entry. -- Dean Wells MSEtechnology * Email: [EMAIL PROTECTED] http://msetechnology.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Thursday, April 07, 2005 5:05 PM To: [email protected] Subject: RE: [ActiveDir] GUID resolution Do I leave in the dashes? I pulled the guid from an error i've been getting in the Directory Services log on a DC. When i enter the guid in ldp, I get this- ldap_search_s(ld, "<1825a294808e4036adae51144dee742f>", 0, "(objectclass=*)", attrList, 0, &msg) Error: Search: Naming Violation. <64> Result <64>: 00000057: LdapErr: DSID-0C090563, comment: Error processing name, data 0, v893 Matched DNs: Getting 0 entries: I get the same thing when I leave in the dashes.- ldap_search_s(ld, "<1825a294-808e-4036-adae-51144dee742f>", 1, "(objectclass=*)", attrList, 0, &msg) Error: Search: Naming Violation. <64> Result <64>: 00000057: LdapErr: DSID-0C090563, comment: Error processing name, data 0, v893 Matched DNs: Getting 0 entries: Thanks Dean Wells wrote: > 1. Run LDP > 2. Connect and BIND > 3. Select Search > 4. Enter Base DN of <GUID=[whatever the GUID is]> ... include the > angled brackets > 5. Populate other dialogs accordingly, enter and run List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
