This
is an adsi thing and is called a SID Bind, you can also do a GUID bind in a
similar manner. If you are using LDAP API instead of ADSI you need to encode the
sid back into an octet string and do the search with it. Check out Gil
Kirkpatrick's Programming Active Directory as he has some good info on this type
of schtuff. Actually if you are doing any AD programming, get that book. Gil
rocks. :op
joe
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeI never heard of using an attribute as your BaseDN.If this worked for you I really would like to know how you did it.ThanksY
From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeWhy not use LDP and set it like this: Base DN <SID=S-1-5-21-709049380-3306950797-3746505139> Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy ------------------------------------- Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory ---------- www.qadvice.com ---------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
