With these scripts, you will be able to create a GUID hashtable for the schema classes, attributes and extended rights.
This can be very useful when troubleshooting. You have probably already seen this kind of event in the security event log:
In the “Properties” part of the event you can see GUIDs. These GUIDs can be resolved using the following scripts.
How to create a hashtable to store the GUID value of each schema class and attribute
    # Map each schema class/attribute lDAPDisplayName to its schemaIDGUID
    $rootdse = Get-ADRootDSE
    $guidmap = @{}
    Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter `
        "(schemaidguid=*)" -Properties lDAPDisplayName,schemaIDGUID |
        % {$guidmap[$_.lDAPDisplayName]=[System.GUID]$_.schemaIDGUID}
    $guidmap
How to create a hashtable to store the GUID value of each extended right in the forest
    # Map each extended right displayName to its rightsGuid
    $rootdse = Get-ADRootDSE
    $extendedrightsmap = @{}
    Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter `
        "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName,rightsGuid |
        % {$extendedrightsmap[$_.displayName]=[System.GUID]$_.rightsGuid}
    $extendedrightsmap
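The two hashtables above are keyed by name, while the “Properties” part of an event only gives GUIDs. The following added example (not code from the original post) builds the reverse lookup, GUID to name, and resolves every GUID found in a block of text. The function names Add-GuidName, Get-GuidNameMap and Resolve-GuidText and the sample text are assumptions made for illustration.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Add-GuidName([hashtable]$Map, [guid]$Guid, [string]$Name) {
    # Keep a list per GUID: a validated write's rightsGuid can be the same
    # value as an attribute's schemaIDGUID, so one GUID may have two names.
    $key = $Guid.ToString()
    if (-not $Map.ContainsKey($key)) { $Map[$key] = @() }
    $Map[$key] += $Name
}

function Get-GuidNameMap {
    # Reverse of the hashtables above: GUID string -> name(s), covering
    # schema classes, schema attributes and extended rights in one table.
    $rootdse = Get-ADRootDSE
    $map = @{}
    Get-ADObject -SearchBase $rootdse.SchemaNamingContext `
        -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { Add-GuidName $map ([guid]$_.schemaIDGUID) $_.lDAPDisplayName }
    Get-ADObject -SearchBase $rootdse.ConfigurationNamingContext `
        -LDAPFilter '(&(objectClass=controlAccessRight)(rightsGuid=*))' `
        -Properties displayName, rightsGuid |
        ForEach-Object { Add-GuidName $map ([guid]$_.rightsGuid) $_.displayName }
    $map
}

function Resolve-GuidText {
    param([Parameter(Mandatory)][string]$Text, [Parameter(Mandatory)][hashtable]$Map)
    # Match GUIDs with or without surrounding braces
    $pattern = '[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
    foreach ($m in [regex]::Matches($Text, $pattern)) {
        $key = ([guid]$m.Value).ToString()
        $names = if ($Map.ContainsKey($key)) { $Map[$key] -join ' | ' } else { '(not found in this forest)' }
        [pscustomobject]@{ Guid = $key; Name = $names }
    }
}

# Constructed sample of an event's "Properties" text. The two GUIDs are the
# default schemaIDGUIDs of the member attribute and the group class.
$sample = @'
Properties: Write Property
    {bf9679c0-0de6-11d0-a285-00aa003049e2}
{bf967a9c-0de6-11d0-a285-00aa003049e2}
'@

$map = Get-GuidNameMap
Resolve-GuidText -Text $sample -Map $map | Format-Table -AutoSize
```

A GUID that resolves to more than one name is shown with all of them, separated by " | ", so the reader can decide from the event's access type which one applies.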