Matching the GUID from AD with MPS Databases - Updated

UPDATED - June 28th

    - The XML procedure has been updated for HMC 4.5

 

We all know how the PlanManager and ResourceManager databases are used to keep track of plans and the relationship between MPS and the Active Directory. Each object in the Active Directory has a unique objectGUID, and that objectGUID is what both databases reference.

 

Because the objectGUID is unique, it is important to understand that a recreated user is a different object altogether, even if it has the same display name, last name, password length and all other attributes. This matters because the objectGUID is how MPS maintains the reference and relationship between AD and MPS.

 

However, if you look at the databases, you will realize that the GUID references can be confusing, because MPS stores the GUID in a different format depending on the database. I am going to attempt to clear up some of that confusion.

 

Let’s start. Most of the time, if the AD object GUID is not being used as the primary key, it is stored in the short format (or unformatted GUID), a 32-digit alphanumeric string (0-F), such as this:

 

78CD7DD959FCE840891BA6C698AF1C27

 

If it is being used as a primary key, then it is usually stored in the long format (or formatted GUID), a 36-digit alphanumeric string (including hyphens), such as this:

 

7642104C-8DC8-3B4A-A421-A8EFD444CAEE

 

For example,

 

In PlanManager database

The Customer table uses the AD Object GUID as the primary key of the table. CustomerID refers to the object GUID of the AD object. The format is in the long GUID format.

The MailboxGUID is in the short format as it is referenced as an asset in the CustomerAsset table.

| AD Items | Sample GUID format stored |
|---|---|
| OU\Organization Unit | 7642104c-8dc8-3b4a-a421-a8efd444caee |
| User Object | f9924535-7be0-7240-bd26-48063e72a69c |
| MailboxGUID | 78CD7DD959FCE840891BA6C698AF1C27 |

In ResourceManager database

 

None of the GUID references are primary keys of the table. They are usually referenced in instance_name and instance_location. Instead of using the AD object GUID as the primary key, the system generates its own GUIDs, such as resource ID and consumer ID, as the unique primary reference. That’s why the reference to the Active Directory object GUID is usually in the short format.

 

| AD Items | Sample GUID format stored |
|---|---|
| OU\Organization Unit | 7E14E9FE8BDF964186D3ABDDABA27AF1 |
| User Object | A2C07FE63CCECB43B62FAA5210B680DF |
| Mailbox Database | 265F75BCBB614C4C9568B205130E0ECF |

 

How GUID appears in different Tools

Depending on the tool you use, you may see a different format and arrangement of the alphanumeric digits as well. Note the following.

If you use LDP, when you look at the Active Directory objectGUID, you will see something like the following,

 

B45FC1B6-212F-47F1-88DD-78889D1DD2A9

 

For the same object, if you use ADSIEdit, you will see something like this,

 

B6 C1 5F B4 2F 21 F1 47 88 DD 78 88 9D 1D D2 A9

 

The above are from the same object but presented differently. Note that the front 16 alphanumeric digits have been flipped.

 

Now how is this represented in the database? MPS stores the GUID in the arrangement you see in ADSIEdit. For the short format, it simply takes the ADSIEdit value and removes the spaces in between, like this: B6C15FB42F21F14788DD78889D1DD2A9.

 

The long format is where it can be confusing. It does not follow the LDP format; instead, it takes the ADSIEdit value and slots the hyphens in accordingly, so it becomes:

 

B6C15FB4-2F21-F147-88DD-78889D1DD2A9

Note: the front 16 digits (B6C15FB4-2F21-F147) are not flipped as they are in LDP. This is important to note.
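
The conversions described in this section, as an added Python example (not part of the original post and not MPS/HMC code). It relies on the standard uuid module, whose bytes_le layout is the byte order ADSIEdit displays; the function names are assumptions chosen for illustration, and the sample values are the ones quoted above.

```python
import re
import uuid

def hex32(text):
    """Strip spaces, hyphens and braces, then require exactly 32 hex digits."""
    digits = re.sub(r"[\s\-{}]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", digits):
        raise ValueError(f"not a 128-bit GUID: {text!r}")
    return digits

def from_ldp(text):
    """Parse a GUID written the way LDP displays it."""
    return uuid.UUID(hex=hex32(text))

def from_raw(text):
    """Parse a GUID in ADSIEdit order: ADSIEdit octets, MPS short or MPS long."""
    return uuid.UUID(bytes_le=bytes.fromhex(hex32(text)))

def to_ldp(guid):
    return str(guid).upper()

def to_adsiedit(guid):
    return " ".join(f"{b:02X}" for b in guid.bytes_le)

def to_mps_short(guid):
    # Short (unformatted) form: ADSIEdit octets with the spaces removed.
    return guid.bytes_le.hex().upper()

def to_mps_long(guid):
    # Long (formatted) form: same digit order as short, hyphens at 8-4-4-4-12.
    s = to_mps_short(guid)
    return "-".join((s[:8], s[8:12], s[12:16], s[16:20], s[20:]))

if __name__ == "__main__":
    g = from_ldp("B45FC1B6-212F-47F1-88DD-78889D1DD2A9")  # LDP value from the article
    print("ADSIEdit :", to_adsiedit(g))
    print("MPS short:", to_mps_short(g))
    print("MPS long :", to_mps_long(g))
    # A long-format key and a short-format reference normalise to the same
    # object, so rows from the two databases can be joined on the parsed value.
    same = from_raw("B6C15FB4-2F21-F147-88DD-78889D1DD2A9") == \
           from_raw("B6C15FB42F21F14788DD78889D1DD2A9")
    print("same object:", same, "->", to_ldp(g))
```

Parse database values with from_raw and values copied from LDP with from_ldp; feeding an MPS long-format value to from_ldp yields a different GUID without raising any error.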

 

Getting the object GUID from AD

Using HMC procedure

GUID to LDAP

<?xml version="1.0" encoding="utf-8"?>
<request>
  <data>
    <GUID>1D9DFFDF5E9E9D4E8C8483D2DF151589</GUID>
    <preferredDomainController>AD01.HMC45.com</preferredDomainController>
  </data>
  <procedure>
    <execute namespace="Managed Active Directory" procedure="GUIDtoLDAP_" impersonate="2">
      <executeData>
      </executeData>
      <before source="data" destination="executeData" mode="merge"/>
      <after source="executeData" destination="data" mode="insert" />
    </execute>
  </procedure>
</request>

LDAP to GUID

<?xml version="1.0" encoding="utf-8"?>
<request>
  <data>
    <LDAP>LDAP://OU=Alpineskihouse,OU=consolidatedmessenger,OU=Hosting,DC=hmc45,DC=Com</LDAP>
    <preferredDomainController>AD01.HMC45.com</preferredDomainController>
  </data>
  <procedure>
    <execute namespace="Managed Active Directory" procedure="LDAPtoGUID_" impersonate="2">
      <executeData>
      </executeData>
      <before source="data" destination="executeData" mode="merge"/>
      <after source="executeData" destination="data" mode="insert" />
    </execute>
  </procedure>
</request>
