DESCRIPTION
When working with GUIDs and SIDs in the Active Roles Management Shell, it is necessary to leverage the IEDMOctetString interface. This is documented in the Active Roles SDK, which is installed with Active Roles.
HOW TO USE
This sample script can be run in in the Active Roles Management Shell.
SCRIPT
#*********************************************************************************
# THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
# EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
#
# IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
# PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
#*********************************************************************************
$sourceuser = (get-qaduser -Identity "Test User01" -IncludedProperties "mS-DS-ConsistencyGuid")
[GUID]$sourceuserGUID = $sourceuser."mS-DS-ConsistencyGuid"
$oct = new-object -ComObject AelitaEDM.EDMOctetString
$oct.SetGUIDString($sourceuserGUID)
$targetAccountName = get-qaduser -Identity "Test User02"
Set-QADUser -Identity $targetAccountName -ObjectAttributes @{"mS-DS-ConsistencyGuid" = $oct.GetOctetString()}