Recipe 10.4 Generating a GUID to Use for a New Class or Attribute

10.4.1 Problem

You want to generate a GUID to use for the schemaIDGUID attribute of a new class or attribute you intend to add to the schema.

10.4.2 Solution

There are several ways to go about generating a GUID. If you do not specify the schemaIDGUID when initially creating a class or attribute, one will automatically be generated for you. So you could add the class or attribute to the schema of a test forest, and then use the schemaIDGUID that was generated in that forest.

You can also programmatically generate a GUID using Perl, VB, C++, or C#, but you cannot do it natively within VBScript. The Windows API provides the CoCreateGuid function, which can be used to generate a GUID. If you are stuck with VBScript, you can wrap CoCreateGuid in an ActiveX DLL using VB and then use that DLL from within VBScript.

Finally, you can use a tool such as uuidgen.exe, which is available in the Microsoft Platform SDK, to generate GUIDs. Uuidgen doesn't require any parameters (although there are a few options that can be seen by running uuidgen -h), and it can generate as many GUIDs as you need.

If you intend to use LDIF files for extending the schema (highly recommended), then you need to encode any GUIDs in base64 notation. This is necessary because GUIDs are stored as octet strings (binary data) in Active Directory. The LDIF specification requires any binary data to be encoded in base64. Again, VBScript does not support base64 encoding natively, but other languages like Perl have modules available that do. Here is an example Perl script that uses a combination of the uuidgen utility to generate a GUID, the Win32::Lanman module to convert the GUID to binary, and the MIME::Base64 module to encode it:

use strict;
use warnings;
use MIME::Base64;
use Win32::Lanman;

# Get the string GUID
my $str_guid = `uuidgen.exe`;
chomp $str_guid;

# Convert to a binary GUID
my $bin_guid = Win32::Lanman::StringToGuid($str_guid);

# Base64 encode binary GUID; the empty second argument stops
# encode_base64 from appending its own newline
my $b64_guid = encode_base64($bin_guid, "");

print "$b64_guid\n";

You can avoid using uuidgen.exe altogether by using the Win32::Guidgen module or Data::UUID (for Unix), both of which can generate text-based GUIDs.
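
The string-to-binary step is where hand-rolled conversions usually go wrong: the binary GUID uses the Windows GUID structure layout, in which the first three fields are little-endian, so the bytes are not simply the hex digits read left to right. The following Python sketch is an added example, not code from the original recipe; it builds the schemaIDGUID line for an LDIF file and decodes an existing base64 value back to text for review. The function names and the sample GUID are constructed for illustration.

```python
import base64
import uuid

# Constructed sample value, not a GUID from any real schema.
SAMPLE_GUID = "00112233-4455-6677-8899-aabbccddeeff"


def guid_to_ldif_b64(guid_text: str) -> str:
    """Convert a string GUID to the base64 form used in an LDIF file."""
    # uuid.UUID accepts the braces and hyphens that GUID tools print.
    guid = uuid.UUID(guid_text.strip())
    # bytes_le is the Windows GUID layout: the first three fields are
    # little-endian, the last eight bytes stay in order.
    return base64.b64encode(guid.bytes_le).decode("ascii")


def ldif_b64_to_guid(b64_text: str) -> str:
    """Decode a base64 value from an LDIF file back to a string GUID."""
    raw = base64.b64decode(b64_text.strip(), validate=True)
    if len(raw) != 16:
        raise ValueError("a binary GUID is exactly 16 bytes, got %d" % len(raw))
    return str(uuid.UUID(bytes_le=raw))


def schema_guid_line(guid_text: str) -> str:
    """Build the LDIF line; '::' marks the value as base64 encoded."""
    return "schemaIDGUID:: " + guid_to_ldif_b64(guid_text)


if __name__ == "__main__":
    # Generate a fresh random GUID and print both forms.
    new_guid = str(uuid.uuid4())
    print(new_guid)
    print(schema_guid_line(new_guid))

    # Round-trip check: decoding the encoded value must give the GUID back.
    assert ldif_b64_to_guid(guid_to_ldif_b64(new_guid)) == new_guid

    # A straight big-endian conversion gives a different, wrong value.
    wrong = base64.b64encode(uuid.UUID(SAMPLE_GUID).bytes).decode("ascii")
    print("little-endian fields:", guid_to_ldif_b64(SAMPLE_GUID))
    print("naive byte order:    ", wrong)
```

Decoding the value in a finished LDIF file with ldif_b64_to_guid before importing it is a cheap check that the GUID recorded in your documentation is the one the schema will actually receive.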

10.4.3 Discussion

The schemaIDGUID attribute defines the GUID or unique identifier for classes and attributes in the schema. It is a good practice to define this attribute in your schema extensions when creating new classes or attributes. This is especially true if the new class or attribute will be associated with any extended rights or property sets, which reference schema objects by GUID. If you do not explicitly set that value, the method you use for creating or modifying extended rights to use that class will have to dynamically determine the schemaIDGUID for each forest it is implemented in, which is not very clean.
