Tip #10: AzureAD device physicalIds GID, g:id
While working with Azure AD, Intune, Autopilot, Log analytics, etc., I’m sure you’ve come across an ID that looks like this: [GID]:g:1234567891234567
. Have you ever wondered where that comes from? Graph Explorer Log analytics It’s a decimal representation of this registry value: HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\ExtendedProperties
, REG_SZ
, LID
There you go! Now you know. As a bonus, here’s a PowerShell one-liner to read and convert it:
1
"g:{0}" -f [Int64]"0x$((Get-ItemProperty "Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\ExtendedProperties").LID)"
This post is licensed under CC BY 4.0 by the author.