Appendix 1: Identifying a Domain Controller GUID

Applies To: Windows Server 2003 with SP1

Identifying the correct domain controller GUID for an SMTP replication certificate may pose a challenge for some administrators who are unfamiliar with the nuances of Active Directory and domain controller objects in the directory. To determine a specific domain controller GUID from a Windows XP or Windows Server 2003 computer joined to the Active Directory forest, perform the following steps.


The dsquery utility is part of the Windows Server 2003 Administration Tools Pack and is not available on Windows 2000 computers.

  1. Log on to the computer with a domain account.

  2. From a command-line prompt, run the following command.

    dsquery * “CN=<hostname>,OU=Domain Controllers,DC=<yourdomain>,DC=<yourdomain>” –scope base –attr objectguid

    You must replace the <hostname> variable with the name of the specific domain controller you want and the <yourdomain> variable with the domain name of your specific domain. For example:

    dsquery * “CN=DC01,OU=Domain Controllers,DC=contoso,DC=com” –scope base –attr objectguid

    The command will result in output similar to the following:

  3. Log off the computer.