How can I resolve ARS DG execution host based on OriginatingService GUID returned from AD Group LDAP query?

On a dynamic group, the QAD cmdlets return the property edsaDGOriginatingService, and with that I know where the rebuild would occur from.

On the same group, in an ADSI LDAP query of the group, there is an apparent GUID value called 'OriginatingService' in the XML extracted from AccountNameHistory.

It appears to be a GUID value, but it does not match the objectGuid or GUID of the ARS service connection point in Active Directory under "CN=Enterprise Directory Manager,CN=Aelita,CN=System,<DOMAIN>".

How can I resolve the OriginatingService 'guid' from AccountNameHistory to the execution host for that group? Is this possible?

  • Abbreviated example: the originating service from this query doesn't appear to resolve to an attribute of the service connection point in AD, which contains the names of the hosts eligible to perform these DG rebuilds. The 'GUID' and objectGuid values on the connection points do not match the apparent GUID referenced in the shortened accountNameHistory XML below. (bolded)

    PS C:\tools> ([adsisearcher]"name=myDGgroupname").findone().properties.accountnamehistory

    <?xml version="1.0"?>
    <DynamicGroupXML Conditions="[0x3;8ed6;][DG]" OriginatingService="188958ba-c1bb-4e0f-8b9d-3a471e5514d2" TimeStamp="2020-12-25T06:00:00.2325202Z" />

  • See if using that GUID in a Get-QADObject call will return anything.

  • Looking at this a bit differently, if you want to get the properties of the Group using ADSI, why don't you bind to it thus:  $Group = [ADSI]"EDMS://$GroupDN".  That way you can get the edsaDGOriginatingService by way of ADSI?  i.e.

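    # Bind through the Active Roles ADSI provider (EDMS) instead of plain LDAP
    $Group = [ADSI]"EDMS://$GroupDN"
    # Load the attribute into the property cache before reading it
    $Group.RefreshCache("edsaDGOriginatingService")
    $OrigService = $Group.Properties["edsaDGOriginatingService"].Value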

  • I can do that - and appreciate the sample code.  I like the speed and portable-ness of a quick LDAP search using adsisearcher … was expecting that GUID to map to something related to the service connection point object.  My fallback was EDMS … so I'll take that route.

    We attempted the upgrade to 7.4 recently and missed it by THAT much. So, re-installed 7.3 on the host that used to be the job server used to rebuild dynamic groups. I have a script that searches all DGs in my environment (7000+) and compares the current expected value against what's there already, and all 7000+ were null... Setting it requires set-qad … but the get-qad -dynamic query takes too long imho. I can speed up finding dynamic groups with an ADSI search on accountNameHistory, but can't seem to map that 'originatingService' GUID back to an existing ARS host to target as the new builder. EDMS will have to do … since that's what it was built to do.

    Thanks
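
The adsisearcher approach discussed in this thread, as an added example that is not code from any of the posters or from the Active Roles product: it parses the DynamicGroupXML value out of accountNameHistory and inventories groups by their OriginatingService GUID. It does not map that GUID to a host, which the thread leaves unresolved. The function names and the presence filter on accountNameHistory are assumptions, and the sample values are constructed from the output shown in the question.

```powershell
# Added example. ConvertFrom-DynamicGroupXml and Get-DynamicGroupOrigin are hypothetical names.
function ConvertFrom-DynamicGroupXml {
    param([Parameter(Mandatory)][string]$Value)
    # accountNameHistory is multi-valued and may hold non-XML strings: skip those.
    try { $doc = [xml]$Value } catch { return $null }
    $node = $doc.DocumentElement
    if ($null -eq $node -or $node.Name -ne 'DynamicGroupXML') { return $null }
    $guid = [guid]::Empty
    $hasGuid = [guid]::TryParse($node.GetAttribute('OriginatingService'), [ref]$guid)
    $stamp = $node.GetAttribute('TimeStamp')
    [pscustomobject]@{
        Conditions         = $node.GetAttribute('Conditions')
        OriginatingService = if ($hasGuid) { $guid } else { $null }
        TimeStamp          = if ($stamp) { [System.Xml.XmlConvert]::ToDateTime($stamp, [System.Xml.XmlDateTimeSerializationMode]::Utc) } else { $null }
    }
}

function Get-DynamicGroupOrigin {
    # Assumption: dynamic groups are the groups whose accountNameHistory holds DynamicGroupXML.
    param([string]$Filter = '(&(objectCategory=group)(accountNameHistory=*))')
    $searcher = [adsisearcher]$Filter
    $searcher.PageSize = 1000          # page through large result sets (7000+ groups)
    $searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'accountNameHistory'))
    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            foreach ($v in $r.Properties['accountnamehistory']) {
                $dg = ConvertFrom-DynamicGroupXml -Value $v
                if ($dg) {
                    $dn = [string]$r.Properties['distinguishedname'][0]
                    $dg | Add-Member -NotePropertyName Group -NotePropertyValue $dn -PassThru
                }
            }
        }
    } finally { $results.Dispose() }   # FindAll() holds unmanaged resources
}

# Constructed sample: the value from the question plus a non-XML value; runs without a domain.
$sample = @(
    '<?xml version="1.0"?><DynamicGroupXML Conditions="[0x3;8ed6;][DG]" OriginatingService="188958ba-c1bb-4e0f-8b9d-3a471e5514d2" TimeStamp="2020-12-25T06:00:00.2325202Z" />',
    'oldSamAccountName'
)
$sample | ForEach-Object { ConvertFrom-DynamicGroupXml -Value $_ } | Format-List

# Against a live domain: count dynamic groups per OriginatingService value.
# Get-DynamicGroupOrigin | Group-Object OriginatingService | Select-Object Count, Name
```

Grouping by OriginatingService shows how many distinct service GUIDs are stamped on the groups and which groups still carry a GUID from a retired host.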