Converting Base64 encoded data from an LDIFDE dump of an object to its binary equivelent.

Something interesting that I discovered working with an LDIFDE dump.  I need to verify that a base64 encoded string was associated with a specific user SID.  In the past, I was forced to hack this information out in using a couple of ldap helper functions in C++.  The code necessary to to accomplish this task was approximately 20 to 30 lines.

Being the inquisitive person that I am, I began to wonder if the newer versions of the .Net framework ( 2.0 an higher) had any intrinsic functions that would do the same sort of work.  Low and behold, I found exactly what I was looking for.  The Convert name space contains a number of very useful conversion method, one of which is Convert.FromBase64String that returns an byte array.

Using this method, I can quickly convert any base64 encoded data from my LDIFDE dumps into their binary equivalents, then I can use the .Net object type that matches my particular binary data to convert the binary blob to a string.

The following C# code illustrates how you can convert a base64 encoded guid and a base64 encoded SID into their more human readable string forms:

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;


namespace decodebase64SID


    class Program


        static void Main(string[] args)


            string strSID = "AQUAAAAAAAUVAAAAPXj3WXwxNhGBjE3aTQQAAA==";

            byte[] sid = Convert.FromBase64String(strSID);

            System.Security.Principal.SecurityIdentifier SI = new System.Security.Principal.SecurityIdentifier(sid, 0);


            string strGUID = "shgJ1o5gbEurVpGXHpyhCg==";

            byte[] bGuid = Convert.FromBase64String(strGUID);

            System.Guid gu = new System.Guid(bGuid);







Comments (2)

  1. Brandon says:

    Thank you, helpful.

  2. Mark Stanfill [MSFT] says:

    Very nice.  Super-simple in PS, too:

    [byte[]]$sid = [System.Convert]::FromBase64String("AQUAAAAAAAUVAAAAPXj3WXwxNhGBjE3aTQQAAA==")

    $si = New-Object Security.Principal.SecurityIdentifier($sid,0)


Skip to main content