Matching the GUID from AD with MPS Databases - Updated
UPDATED - June 28th
- The XML procedure has been updated for HMC 4.5
We all know how the PlanManager database and the ResourceManager database are used to keep track of plans and the relationship between MPS and Active Directory. Each object in Active Directory has a unique objectGUID, and both databases reference that objectGUID.
Because objectGUID is unique, it is important to understand that recreating a user, even with the same display name, last name, password length and all other attributes, produces a different object altogether. This matters because the objectGUID is how MPS maintains the reference and relationship between AD and MPS.
However, if you look at the databases, you will find that the GUID references can be confusing, because MPS stores the GUID in different formats depending on the database. I am going to attempt to clear up some of that confusion.
Let's start. Most of the time, if the AD object GUID is not being used as the primary key, it is stored in the short format (or unformatted GUID), a 32-digit alphanumeric string (0-F) such as this:
78CD7DD959FCE840891BA6C698AF1C27
If it is being used as a primary key, it is usually stored in the long format (or formatted GUID), a 36-digit alphanumeric string (including hyphens) such as this:
7642104C-8DC8-3B4A-A421-A8EFD444CAEE
For example,
In PlanManager database
The Customer table uses the AD Object GUID as the primary key of the table. CustomerID refers to the object GUID of the AD object. The format is in the long GUID format.
The MailboxGUID is in the short format as it is referenced as an asset in the CustomerAsset table.
AD Items | Sample GUID format stored
OU\Organization Unit | 7642104c-8dc8-3b4a-a421-a8efd444caee
User Object | f9924535-7be0-7240-bd26-48063e72a69c
MailboxGUID | 78CD7DD959FCE840891BA6C698AF1C27
In ResourceManager database
None of the GUID references are primary keys of their tables. They are usually referenced in instance_name and instance_location. Instead of using the AD object GUID as the primary key, the system generates its own GUIDs, such as the resource ID and consumer ID, as the unique primary reference. That is why the reference to the Active Directory object GUID is usually in the short format.
AD Items | Sample GUID format stored
OU\Organization Unit | 7E14E9FE8BDF964186D3ABDDABA27AF1
User Object | A2C07FE63CCECB43B62FAA5210B680DF
Mailbox Database | 265F75BCBB614C4C9568B205130E0ECF
How GUID appears in different Tools
Depending on the tool you use, you may see a different format and arrangement of the alphanumeric digits as well. Note the following.
If you use LDP to look at the Active Directory objectGUID, you will see something like this:
B45FC1B6-212F-47F1-88DD-78889D1DD2A9
For the same object, if you use ADSIEdit, you will see something like this:
B6 C1 5F B4 2F 21 F1 47 88 DD 78 88 9D 1D D2 A9
The two values above come from the same object but are presented differently. Note that the first 16 alphanumeric digits (the first three groups in the LDP form) have been flipped: the byte order is reversed within each of those groups.
Now, how is this represented in the database? MPS stores the GUID in the byte order you see in ADSIEdit. For the short format, it simply takes the ADSIEdit value and removes the spaces, like this: B6C15FB42F21F14788DD78889D1DD2A9.
The long format is where it can be confusing. It does not follow the LDP format; instead, it takes the ADSIEdit value and inserts the hyphens at the usual positions, so it becomes:
B6C15FB4-2F21-F147-88DD-78889D1DD2A9
Note: the highlighted portion (the leading B6C15FB4-2F21-F147) is not flipped as it is in LDP. This is important to note.
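The conversions described above can be scripted when you need to match an AD object against rows in the two databases. This is an added example, not part of the original post or of MPS; the function names are hypothetical, and it relies only on Python's standard uuid module, whose bytes_le form is the same byte order ADSIEdit displays.

```python
import uuid


def _ad_bytes(ldp_guid):
    """Parse the LDP (standard string) form and return the 16 bytes in
    the order AD stores them, which is what ADSIEdit displays."""
    return uuid.UUID(ldp_guid).bytes_le


def adsiedit_view(ldp_guid):
    """Space-separated hex bytes, as ADSIEdit shows the objectGUID."""
    return " ".join(f"{b:02X}" for b in _ad_bytes(ldp_guid))


def ldp_to_mps_short(ldp_guid):
    """MPS short format: the ADSIEdit bytes with the spaces removed."""
    return _ad_bytes(ldp_guid).hex().upper()


def ldp_to_mps_long(ldp_guid):
    """MPS long format: ADSIEdit byte order with hyphens inserted 8-4-4-4-12.
    The leading groups are NOT flipped back to the LDP order."""
    h = ldp_to_mps_short(ldp_guid)
    return "-".join((h[0:8], h[8:12], h[12:16], h[16:20], h[20:32]))


def mps_to_ldp(mps_guid):
    """Accept an MPS short or long value (or an ADSIEdit byte string)
    and return the GUID as LDP would display it."""
    h = mps_guid.replace("-", "").replace(" ", "")
    if len(h) != 32:
        raise ValueError("expected 32 hex digits, got %d" % len(h))
    return str(uuid.UUID(bytes_le=bytes.fromhex(h))).upper()


if __name__ == "__main__":
    ldp = "B45FC1B6-212F-47F1-88DD-78889D1DD2A9"  # LDP sample from this post
    print(adsiedit_view(ldp))
    print(ldp_to_mps_short(ldp))
    print(ldp_to_mps_long(ldp))
    print(mps_to_ldp("B6C15FB4-2F21-F147-88DD-78889D1DD2A9"))
```

Because the MPS long format looks like a normal GUID string, pass it through mps_to_ldp before searching AD with it; searching with the long value as-is looks for a different GUID.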
Getting the object GUID from AD
Using HMC procedure
GUID to LDAP
<?xml version="1.0" encoding="utf-8"?>
<request>
  <data>
    <GUID>1D9DFFDF5E9E9D4E8C8483D2DF151589</GUID>
    <preferredDomainController>AD01.HMC45.com</preferredDomainController>
  </data>
  <procedure>
    <execute namespace="Managed Active Directory" procedure="GUIDtoLDAP_" impersonate="2">
      <executeData> </executeData>
      <before source="data" destination="executeData" mode="merge"/>
      <after source="executeData" destination="data" mode="insert" />
    </execute>
  </procedure>
</request>
LDAP to GUID
<?xml version="1.0" encoding="utf-8"?>
<request>
  <data>
    <LDAP>LDAP://OU=Alpineskihouse,OU=consolidatedmessenger,OU=Hosting,DC=hmc45,DC=Com</LDAP>
    <preferredDomainController>AD01.HMC45.com</preferredDomainController>
  </data>
  <procedure>
    <execute namespace="Managed Active Directory" procedure="LDAPtoGUID_" impersonate="2">
      <executeData> </executeData>
      <before source="data" destination="executeData" mode="merge"/>
      <after source="executeData" destination="data" mode="insert" />
    </execute>
  </procedure>
</request>