I was about to add some code to AdFind to export Security Descriptors in binary export/import format and found out I already had written that code.
I apparently used a bad switch name for it though because I didn’t intuitively know what it was and find it by accident. That or my brain was in a much more computer sciencey mode when I named the switch before versus now.
So instead of adding the code to make AdFind be able to do that functionality, I added a new switch -sdbinout which is an alias for -sdblob.
Oh I also set it up so that if you are outputting CSV format it will automatically remove the [BLOB] label on the hex export string.
And AdMod can already import that format just fine btw with BIN##ntsecuritydescriptor::<blob hex string> or if using CSV input you can do BIN##ntsecuritydescriptor::{{SD fieldname}} so probably something like BIN##ntsecuritydescriptor::{{ntsecuritydescriptor}} or in shortcut form… BIN##ntsecuritydescriptor::{{.}}
