objectSID format dumped by LDIFDE

M

MLi

Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to be base64
format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in ADSIEDIT or
LDP?


Michael
 
D

Dean Wells [MVP]

My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of Unicode/ASCII
characters. Are you getting something even remotely like this -

?? ?§ Æ?<w?°`????2??

?
 
M

MLi

Exactly. Do you have any recommandation of the encoder/decoder can reverse
it back to hex?


Dean Wells said:
My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of Unicode/ASCII
characters. Are you getting something even remotely like this -

?? ?? ?<w?°`????2??

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to be
base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
D

Dean Wells [MVP]

Not off hand, how do you want it to look once decoded?

S-1-5-21-blah.blah

... or

01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C 77

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Exactly. Do you have any recommandation of the encoder/decoder can
reverse it back to hex?


Dean Wells said:
My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of
Unicode/ASCII characters. Are you getting something even remotely
like this - ?? ?? ?<w?°`????2??

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
D

Dean Wells [MVP]

PS - There's a tool written by a fellow MVP that's become very popular
(for good reason); ADfind.EXE. It's available from
http://www.joeware.net and will provide a legible objectSID decode,
e.g. -

C:\>adfind -b cn=administrator,cn=users,dc=msettest,dc=net objectSID

AdFind V01.26.00cpp Joe Richards ([email protected]) February 2005

Using server: odyssey.mset.local
Directory: Windows Server 2003

dn:CN=Administrator,CN=Users,DC=msettest,DC=local
objectSid: S-1-5-21-1200478324-492123223-851235398-500

1 Objects returned

<sarcasm for joe>
I can't believe I just recommended one of his tools ... there has to be
another way to do this :)
</sarcasm>
 
M

MLi

I would it looks like "01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C 77" - as
in ADSIEDIT...


Dean Wells said:
Not off hand, how do you want it to look once decoded?

S-1-5-21-blah.blah

.. or

01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C 77

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Exactly. Do you have any recommandation of the encoder/decoder can
reverse it back to hex?


Dean Wells said:
My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of
Unicode/ASCII characters. Are you getting something even remotely
like this - ?? ?? ?<w?°`????2??

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

MLi wrote:
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
D

Dean Wells [MVP]

Aside from using an external binary such as the one I mentioned earlier,
the best I've found so far is the legacy DEBUG.EXE.

C:\>debug foo.ldf
- d

.... the first line or so is of interest. Scripting that may be awkward.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
I would it looks like "01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C
77" - as in ADSIEDIT...


Dean Wells said:
Not off hand, how do you want it to look once decoded?

S-1-5-21-blah.blah

.. or

01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C 77

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Exactly. Do you have any recommandation of the encoder/decoder can
reverse it back to hex?


My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of
Unicode/ASCII characters. Are you getting something even remotely
like this - ?? ?? ?<w?°`????2??

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

MLi wrote:
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64
encoder. Anyone know how can I convert these value to the format
as in
ADSIEDIT or LDP?


Michael
 
C

Cary Shultz [A.D. MVP]

And take a look at all of his tools while there! oldcmp is also quite
useful!

And I always recommend his tools! They are wonderful!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



Dean Wells said:
PS - There's a tool written by a fellow MVP that's become very popular
(for good reason); ADfind.EXE. It's available from http://www.joeware.net
and will provide a legible objectSID decode, e.g. -

C:\>adfind -b cn=administrator,cn=users,dc=msettest,dc=net objectSID

AdFind V01.26.00cpp Joe Richards ([email protected]) February 2005

Using server: odyssey.mset.local
Directory: Windows Server 2003

dn:CN=Administrator,CN=Users,DC=msettest,DC=local
objectSid: S-1-5-21-1200478324-492123223-851235398-500

1 Objects returned

<sarcasm for joe>
I can't believe I just recommended one of his tools ... there has to be
another way to do this :)
</sarcasm>

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to be
base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
M

MLi

Yes, I find debug is really helpful sometimes, although it's not as popular
as in the time of DOS

Dean Wells said:
Aside from using an external binary such as the one I mentioned earlier,
the best I've found so far is the legacy DEBUG.EXE.

C:\>debug foo.ldf
- d

... the first line or so is of interest. Scripting that may be awkward.

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
I would it looks like "01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C
77" - as in ADSIEDIT...


Dean Wells said:
Not off hand, how do you want it to look once decoded?

S-1-5-21-blah.blah

.. or

01 05 00 00 00 00 00 05-15 00 00 00 92 E0 3C 77

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

MLi wrote:
Exactly. Do you have any recommandation of the encoder/decoder can
reverse it back to hex?


My guess is that your base64 decoder is indeed decoding it but is
attempting to represent the decoded result as a string of
Unicode/ASCII characters. Are you getting something even remotely
like this - ?? ?? ?<w?°`????2??

?

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

MLi wrote:
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64
encoder. Anyone know how can I convert these value to the format as
in
ADSIEDIT or LDP?


Michael
 
D

Dean Wells [MVP]

You know I was teasing right ;)

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
And take a look at all of his tools while there! oldcmp is also quite
useful!

And I always recommend his tools! They are wonderful!


Dean Wells said:
PS - There's a tool written by a fellow MVP that's become very
popular (for good reason); ADfind.EXE. It's available from
http://www.joeware.net and will provide a legible objectSID decode,
e.g. - C:\>adfind -b cn=administrator,cn=users,dc=msettest,dc=net
objectSID

AdFind V01.26.00cpp Joe Richards ([email protected]) February 2005

Using server: odyssey.mset.local
Directory: Windows Server 2003

dn:CN=Administrator,CN=Users,DC=msettest,DC=local
objectSid: S-1-5-21-1200478324-492123223-851235398-500

1 Objects returned

<sarcasm for joe>
I can't believe I just recommended one of his tools ... there has to
be another way to do this :)
</sarcasm>

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
C

Cary Shultz [A.D. MVP]

Yep!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



Dean Wells said:
You know I was teasing right ;)

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l
And take a look at all of his tools while there! oldcmp is also quite
useful!

And I always recommend his tools! They are wonderful!


Dean Wells said:
PS - There's a tool written by a fellow MVP that's become very
popular (for good reason); ADfind.EXE. It's available from
http://www.joeware.net and will provide a legible objectSID decode,
e.g. - C:\>adfind -b cn=administrator,cn=users,dc=msettest,dc=net
objectSID

AdFind V01.26.00cpp Joe Richards ([email protected]) February 2005

Using server: odyssey.mset.local
Directory: Windows Server 2003

dn:CN=Administrator,CN=Users,DC=msettest,DC=local
objectSid: S-1-5-21-1200478324-492123223-851235398-500

1 Objects returned

<sarcasm for joe>
I can't believe I just recommended one of his tools ... there has to
be another way to do this :)
</sarcasm>

--
Dean Wells [MVP / Directory Services]
MSEtechnology
[[ Please respond to the Newsgroup only regarding posts ]]
R e m o v e t h e m a s k t o s e n d e m a i l

MLi wrote:
Hi All,

When I use LDIFDE to dump AD, the objectSID and objectGUID turn to
be base64 format, however they cannot be uncoded by base64 encoder.

Anyone know how can I convert these value to the format as in
ADSIEDIT or LDP?


Michael
 
J

Joe Richards [MVP]

LOL. As I was reading this I was thinking, holy crap, I can't believe Dean is
recommending one of my tools in a public forum...

joe
 
D

Dean Wells [MVP]

I know ... I know ... I knew the day would come at some point but I'd
hoped it would be much later in life ;-)
 
D

Dean Wells [MVP]

Oh perrrrrlease, I bite neither ankles nor knees ... I am known for
twisting things though :-O
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top