通过

How to find the Object that belongs to a GUID

  • 项目

When troubleshooting an error message which only displays a GUID, and does not make any reference to a specific object, there are several tools that are used to find that object: ADExplorer, ADFind...etc.

Since most Admins have the Support Tools installed, below is a description of an easier way to find that object, by using LDP.

The search has to be done on the Domain Controller.

Start-Run- LDP

Connection –> Connect

 

Connect using the Global Catalog port: 3268

image

 

 

Connection – Bind

image

 

View - > Tree

image

 

OK

Right click on the domain -> Search

image

 

Under “Base DN” insert: <GUID=HereYouInsertTheGuid>

Under “Filter” insert: objectclass=*

 

image

 

Then click on Options, and change the limits as shown here:

 

image

 

 

If the time limit and/or the Timeout milliseconds are on 0 (as it is by default), then the search might not find anything, so it is recommended to increase those values.

 

Here the name of the user is “Greu Greuceanu”, and the results show a lot of information like: Distinguished Name,Creation date,UserPrincipalName, even the phone number:

image

 

If the error message comes in a similar format like:

Event ID: 9646
Description: Mapi session " 4034194C-21C1-4DC1-951D-652320577AN0 " exceeded the maximum of xxx objects ....

And the Event ID also only shows the GUID and does not point to any specific object, then the same steps as above should be followed, but the only difference will be that the criteria has to be modified since „Mapi Session“ means the search should be made for a Mailbox GUID.

This issue occurs if the Exchange Store.exe process cannot resolve the GUID to an msExchMailboxGuid attribute or to an objectGUID attribute. The Store.exe process may not be able to resolve the GUID if sibling domains exist in the same forest. A sibling domain is another domain that exists at the same level in the forest. When the Store.exe process tries to resolve the GUID, the Store.exe process sets the BaseDN parameter of the Lightweight Directory Access Protocol (LDAP) query to a value that is equal to the domain naming context of the user. If the Exchange server is in a sibling domain, the LDAP query returns no results.

 

If the GUID is not found in by searching with it’s original form, then it has to be modified as shown in the KB <https://support.microsoft.com/kb/899663>

 

Original GUID from the Event Log: 4034194C-21C1-4DC1-951D-651320577AN0

Divide it with backslashes: \40\34\19\4C\21\C1\4D\C1\95\1D\65\13\20\57\7A\N0

Invert the first 3 columns: \4C\19\34\40\C1\21\C1\4D\95\1D\65\13\20\57\7A\N0

(Leave the last 2 columns in their original form)

In the LDP, the search has to be done using:

Base DN: Just leave the Root Domain here

Filter: (&(objectclass=*)(msExchMailboxGuid=\4C\19\34\40\C1\21\C1\4D\95\1D\65\13\20\57\7A\N0))

image

And it should find the corresponding User.

 

Note: If there is any misconfiguration in the edited GUID such as one extra backslash or any hyphens, then the results will be NULL.

Comments

  • Anonymous
    January 01, 2003
    Very useful and clear,
    thank you.

    Rocco Daniele Ciaravolo

    Cle IT staff

  • Anonymous
    December 10, 2013
    easy peasy. I can't understand why MS thinks this much work to find a mailbox by a guid is ok.

  • Anonymous
    May 29, 2014
    This is Part II of my previous blog "Migrate On premise Mailboxes to Exchange online Using Cutover

  • Anonymous
    December 17, 2014
    Really Cool

    Sr. System Admin Zephyrs International Global

  • Anonymous
    April 01, 2015
    The comment has been removed

  • Anonymous
    June 02, 2016
    The comment has been removed

    • Anonymous
      May 10, 2017
      So why not directly find the name if u already using powershell to convert the guid.I'm taking a guid directly from a security event (get-eventlog >> $event.replacementstrings), which is in the form of %{guidstring}, so I trim the % in the function.function findName { param([Parameter(Mandatory=$True,Position=1)]$guid) $guid = $guid.Trim("%") $guid_object = [System.Guid]$Guid $Guidrebuild = ($guid_object.ToByteArray() | foreach { '' + $_.ToString(‘x2’) }) -join'' $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() $Root = $Domain.GetDirectoryEntry() $Search = [System.DirectoryServices.DirectorySearcher]$Root $Search.Filter = "(objectGUID=$Guidrebuild)" $Result = $Search.FindAll() ForEach ($entry In $Result) { $entry.properties.Item("distinguishedName") }}$guid = %{f406418c-af74-4c2c-b11c-121d4c8252b7}findName $guid