How To Convert ImmutableId To ObjectGuid And Back

Immutableid to objectid conversion

If you have a default synchronization between your on-premises Active Directory and Azure AD, Azure AD Connect links your user objects by the following attributes:

  • On-premise AD user: ObjectGuid
  • Azure AD user: ImmutableId

However, if you compare these two objects, it looks a bit strange!

This is the output for the user object in on-premise AD:

PS C:\> Get-ADUser tycho.brahe | fl userPrincipalName,objectGuid

userPrincipalName :
objectGuid        : f7cc07d7-7c15-447d-876d-c01b0e5a9e38

This is the output for the user object in Azure AD:

PS C:\> Get-MsolUser -UserPrincipalName "" | fl userPrincipalName,ImmutableId

UserPrincipalName :
ImmutableId       : 1wfM9xV8fUSHbcAbDlqeOA==

What happened here?

The thing is that the same value is stored in the on-premises AD as a GUID and in Azure AD as a base64-encoded text string.

So, in order to verify that two objects are properly linked, you must convert the GUID to base64 or the other way around.

To convert a GUID string to a base64 string in PowerShell, use the following command:

PS C:\> [Convert]::ToBase64String([guid]::New("f7cc07d7-7c15-447d-876d-c01b0e5a9e38").ToByteArray())
1wfM9xV8fUSHbcAbDlqeOA==

To convert a base64 string to a GUID in PowerShell, use this simple command:

PS C:\> [Guid]([Convert]::FromBase64String("1wfM9xV8fUSHbcAbDlqeOA=="))

Guid
----
f7cc07d7-7c15-447d-876d-c01b0e5a9e38
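As an added example that is not part of the original post, here are the two conversions wrapped in functions, plus a check that an on-premises objectGUID and a cloud ImmutableId really belong to the same linked object. The function names are invented for this example; the sample values are the ones shown above.

```powershell
# Added example, not code from the original post. The function names
# (ConvertTo-ImmutableId, ConvertFrom-ImmutableId, Test-SyncAnchor) are
# made up for this example; the sample values are the ones shown above.

function ConvertTo-ImmutableId {
    # On-premises objectGUID -> Azure AD ImmutableId (base64 of the 16 raw bytes)
    param([Parameter(Mandatory)][guid]$ObjectGuid)
    [Convert]::ToBase64String($ObjectGuid.ToByteArray())
}

function ConvertFrom-ImmutableId {
    # Azure AD ImmutableId -> objectGUID. ImmutableId is a free-form string in
    # Azure AD, so only a value that decodes to exactly 16 bytes is a GUID anchor.
    param([Parameter(Mandatory)][string]$ImmutableId)
    $bytes = [Convert]::FromBase64String($ImmutableId)   # throws on invalid base64
    if ($bytes.Length -ne 16) {
        throw "ImmutableId '$ImmutableId' decodes to $($bytes.Length) bytes, not a GUID"
    }
    [guid]::new($bytes)
}

function Test-SyncAnchor {
    # Returns $true when the cloud object's ImmutableId is the base64 form of
    # the on-premises objectGUID, i.e. the two objects are linked.
    param(
        [Parameter(Mandatory)][guid]$OnPremObjectGuid,
        [Parameter(Mandatory)][string]$CloudImmutableId
    )
    try {
        (ConvertFrom-ImmutableId $CloudImmutableId) -eq $OnPremObjectGuid
    } catch {
        $false   # not a GUID-based anchor, so it cannot match this objectGUID
    }
}

# Sample values taken from the output above
$guid        = [guid]'f7cc07d7-7c15-447d-876d-c01b0e5a9e38'
$immutableId = '1wfM9xV8fUSHbcAbDlqeOA=='

ConvertTo-ImmutableId $guid
ConvertFrom-ImmutableId $immutableId
Test-SyncAnchor $guid $immutableId

# Why the base64 text looks nothing like the hex string: ToByteArray() emits
# the first three GUID groups little-endian, so the byte stream starts with
# d7 07 cc f7 rather than f7 cc 07 d7.
($guid.ToByteArray() | ForEach-Object { $_.ToString('x2') }) -join ' '
```

Run Test-SyncAnchor against the values of a user from Get-ADUser and Get-MsolUser to confirm the two objects are linked before touching either side.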

Perhaps Microsoft was inspired by the Enigma coding machine of World War II when they designed this? At least now you know how to break the code… 😉
