Connecting to a Well-Known GUID

Connecting to a Well-Known GUID


You want to connect to LDAP using one of the well-known GUIDs in Active Directory.


Using a graphical user interface
  1. Open LDP.

  2. From the menu, select Connection Connect.

  3. For Server, enter the name of a domain controller (or leave blank to do a serverless bind).

  4. For Port, enter 389.

  5. Click OK.

  6. From the menu, select Connection Bind.

  7. Enter credentials of a domain user.

  8. Click OK.

  9. From the menu, select View Tree.

  10. For the DN, enter:


    where <WKGUID> is the well-known GUID that you want to connect to, and <DomainDN> is the distinguished name of a domain.

  11. Click OK. In the left-hand menu, you can now browse the container corresponding to the well-known GUID that you specified.

Using a command-line interface

To enumerate the well-known GUIDs in the Domain NC, use the following syntax:

	> adfind -default -s base wellknownObjects

To display the WKGUIDs in the Configuration NC, replace default with config in the previous syntax.

To connect to a well-known GUID using AdFind, use the following syntax:

	> adfind -b "<WKGUID=<WKGUID>,<DomainDN>>" -s base -dn

Because of additional security settings attached to the Deleted Objects container, if you specify this GUID you must also use the showdel switch in adfind.

Using VBScript
	' This code illustrates how  
to bind to the default computers container.
	strDomain = "<DomainDNSName>" ' e.g.
	strWKGUID = "<WKGUID>" ' e.g. "aa312825768811d1aded00c04fd8d5cd"
	                    ' for the default Computers container
	' ------ END CONFIGURATION --------

	set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
	set objCompContainer = GetObject("LDAP://<WKGUID=" & _
	                             strWKGUID & "," & _
	                             objRootDSE.Get("defaultNamingContext") & ">" )
	WScript.Echo objCompContainer.Get("distinguishedName")


The domain NC in Active Directory contains a number of well-known GUIDs that correspond to containers that exist in every AD implementation. These GUIDs are stored as wellKnownObjects attributes within the <DomainDN> object, and allow administrators and developers to consistently connect to critical containers even if they are moved or renamed. The <DomainDN> container possesses the following objects that correspond to well-known GUIDs:

  • CN=NTDS Quotas,<DomainDN>

  • CN=Microsoft,CN=Program Data,<DomainDN>

  • CN=Program Data,<DomainDN>

  • CN=ForeignSecurityPrincipals,<DomainDN>

  • CN=Deleted Objects,<DomainDN>

  • CN=Infrastructure,<DomainDN>

  • CN=LostAndFound,<DomainDN>

  • CN=System,<DomainDN>

  • OU=Domain Controllers,<DomainDN>

  • CN=Computers,<DomainDN>

  • CN=Users,<DomainDN>

The Configuration NC adds these additional WKGUIDs:

  • CN=NTDS Quotas,CN=Confguration,<ForestRootDN>

  • CN=LostAndFoundConfig,CN=Configuration,<ForestRootDN>

  • CN=Deleted Objects,CN=Configuration,<ForestRootDN>

See Also

MSDN: Binding to Well-Known Objects Using WKGUID

 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows