Pavel Chuchuva

Reputation: 22465

How to get user GUID from Active Directory using WinNT protocol?

I'm trying to get user GUID from Active Directory. My code:

```csharp
DirectoryEntry entry = new DirectoryEntry("WinNT://DOMAIN/UserName");
Console.WriteLine("The GUID of the ADS object:" + entry.Guid);
Console.WriteLine("The Native GUID of the ADS object:" + entry.NativeGuid);
```

The code above always returns d83f1060-1e71-11cf-b1f3-02608c9e7553, regardless of the user and domain.

Is it possible to get user GUID using WinNT protocol?

Upvotes: 2

Views: 5307

Answers (2)

Swanny

Reputation: 2418

Perhaps you mean SID (security identifier). Like a GUID it is unique, at least across the domain tree. I think the property is "objectSid". It's binary (byte[]). I can't remember how big it is (28 bytes?) but I'm pretty sure it's not a GUID.

Upvotes: 0

marc_s

Reputation: 754558

Check out Richard Mueller's Hilltop Lab where he has lots of spreadsheets showing all the properties the various providers expose. In particular, his list of properties that the WinNT provider exposes shows that there's no such thing as a user's "GUID" or OID or anything like that exposed.

Mind you - the WinNT provider is only used for backward compatibility, and really only works well on local machine accounts.

If you want to access DOMAIN accounts, you should by all means use the LDAP provider instead - it'll give you access to all the LDAP properties on a user account.

Marc

Upvotes: 6
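
The LDAP-provider lookup suggested in the answer above, as an added example that is not part of the original question or answers: it reads `objectGUID` and `objectSid` for one account and escapes the account name before placing it in the search filter. The base DN `DC=example,DC=com`, the class name `AdUserLookup` and the helper `EscapeFilterValue` are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;        // add a reference to System.DirectoryServices
using System.Security.Principal;
using System.Text;

static class AdUserLookup              // hypothetical class name
{
    // Hypothetical helper: escape a value for an LDAP search filter (RFC 4515)
    // so characters such as * ( ) \ in the input cannot change the filter's meaning.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder();
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    static void Main(string[] args)
    {
        string samAccountName = args.Length > 0 ? args[0] : "UserName";
        // Assumed base DN; replace with the naming context of your own domain.
        using (var root = new DirectoryEntry("LDAP://DC=example,DC=com"))
        using (var searcher = new DirectorySearcher(root))
        {
            searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                              + EscapeFilterValue(samAccountName) + "))";
            searcher.PropertiesToLoad.Add("objectGUID");   // 16-byte value
            searcher.PropertiesToLoad.Add("objectSid");    // binary SID

            SearchResult result = searcher.FindOne();
            if (result == null) { Console.WriteLine("User not found."); return; }

            var guid = new Guid((byte[])result.Properties["objectGUID"][0]);
            var sid = new SecurityIdentifier((byte[])result.Properties["objectSid"][0], 0);
            Console.WriteLine("objectGUID: " + guid);
            Console.WriteLine("objectSid:  " + sid.Value);
        }
    }
}
```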
