Convert DN Format to ImmutableID and ImmutableID to new DN value in AAD Sync/AAD Connect

In AAD Sync and AAD Connect the DN format has changed so it’s much more difficult to search for objects.

AAD Sync / AAD Connect convert the ImmutableID to the hexadecimal form of its UTF-8 bytes (UTF8Hex), then prepend CN={ and append } to make the value more DN-like.

I found one script to convert either the new DN format back to the ImmutableID, or the ImmutableID to the new DN format to make searching easier. Just call the command with one value or the other and it’ll supply the other.

<#
THIS CODE AND ANY ASSOCIATED INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK OF USE, INABILITY TO USE, OR RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE USER.
#>

#Requires -Version 3

[CmdletBinding()]
param
(
    [Parameter(Mandatory = $true,
               HelpMessage = "ImmutableID string or Azure CS DN value")]
    [string]$Value
)

If ($Value.EndsWith("=="))
{
    # ImmutableID -> DN: hex-encode the UTF-8 bytes of the string and wrap them in CN={...}
    $enc = [System.Text.Encoding]::UTF8
    $result = $enc.GetBytes($Value)
    Write-Host "CN={" -NoNewline
    # X2 writes two uppercase hex digits per byte, matching the DN in the example below
    $result | ForEach-Object { Write-Host -Object $_.ToString("X2") -NoNewline }; Write-Host "}"
}
ElseIf ($Value.ToLower().StartsWith("cn="))
{
    # DN -> ImmutableID: strip the CN={ } wrapper (any case), then turn each hex pair back into a character
    $hexstring = $Value -replace '^CN=\{', ''
    $hexstring = $hexstring.Replace("}", "")
    $array = $hexstring -split "(..)" | Where-Object { $_ }
    $array | ForEach-Object { Write-Host -Object ([char][byte]([Convert]::ToInt16($_, 16))) -NoNewline }; Write-Host
}
Else
{
    Write-Host -ForegroundColor Red "You provided a value that was neither an ImmutableID (ended with ==) nor a DN (started with CN=), please try again."
}

<# Example
CN={3262526E42513644383075547A3654313473724D50773D3D}
2bRnBQ6D80uTz6T14srMPw==
#>
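The same conversion as a pipeline-friendly function, as an added example that is not part of the original script: it validates the input, returns objects instead of writing to the host, and also decodes the ImmutableID to a GUID. The function name Convert-AadSourceAnchor is hypothetical, and the ObjectGuid property assumes the source anchor is a base64-encoded 16-byte objectGUID, which this page does not state.

```powershell
# Added example, not the original script. Convert-AadSourceAnchor is a hypothetical name.
function Convert-AadSourceAnchor {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Value
    )
    process {
        $v = $Value.Trim()
        if ($v -match '^CN=\{((?:[0-9a-f]{2})+)\}$') {
            # DN -> ImmutableID: every hex pair is one UTF-8 byte of the ImmutableID
            $bytes = [byte[]]@([regex]::Matches($Matches[1], '..') |
                    ForEach-Object { [Convert]::ToByte($_.Value, 16) })
            $immutableId = [Text.Encoding]::UTF8.GetString($bytes)
        }
        else {
            $immutableId = $v
        }

        # Reject anything that is not valid base64 (odd-length or non-hex DNs end up here too)
        try { $raw = [Convert]::FromBase64String($immutableId) }
        catch {
            Write-Error "Neither a CN={hex} DN nor a base64 ImmutableID: $Value"
            return
        }

        # ImmutableID -> DN: two uppercase hex digits per UTF-8 byte, wrapped in CN={ }
        $hex = -join ([Text.Encoding]::UTF8.GetBytes($immutableId) |
                ForEach-Object { $_.ToString('X2') })

        # Assumption: a 16-byte anchor is an objectGUID stored in .NET Guid byte order
        $guid = $null
        if ($raw.Length -eq 16) { $guid = New-Object -TypeName guid -ArgumentList (, $raw) }

        [pscustomobject]@{
            ImmutableID = $immutableId
            DN          = 'CN={' + $hex + '}'
            ObjectGuid  = $guid
        }
    }
}

# Sample input: the DN / ImmutableID pair from the example on this page
'CN={3262526E42513644383075547A3654313473724D50773D3D}', '2bRnBQ6D80uTz6T14srMPw==' |
    Convert-AadSourceAnchor | Format-List
```

Both sample values should produce the same object, which is a quick round-trip check that a DN taken from the connector space and an ImmutableID taken from the cloud side refer to the same anchor.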

Reference: https://blogs.technet.microsoft.com/dkegg/2015/08/01/dn-value-in-aad-sync-aad-connect-the-new-format/
