I thought Richard had something that did this - I'll have to email me because I dcouldn't find a sample on his site. How's that csv support in adfind coming? ;) --Brian
________________________________ From: [EMAIL PROTECTED] on behalf of joe Sent: Sun 10/24/2004 9:42 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Trusting Domain SIDs To be blunt, scripts suck for working with octetstrings which securityIdentifier is. If I absolutely had to do it, I would chase down Richard Mueller and see what he has to help as Richard is one of the best in this area from what I have seen. Fortunately for me, I don't have to do anything with vbscript. In your shoes... If Richard doesn't have a quick answer for you, parse out to the shell and run adfind to gather the data quickly as it decodes the SIDS for you automagically... [Sun 10/24/2004 10:36:35.26] G:\Downloads\Crack\pwddmp3>adfind -gc -b -f objectcategory=trusteddomain securityidentifier AdFind V01.24.00cpp Joe Richards ([EMAIL PROTECTED]) September 2004 Using server: 2k3dc01.joe.com Directory: Windows Server 2003 dn:CN=child1.joe.com,CN=System,DC=joe,DC=com >securityIdentifier: S-1-5-21-3593593216-2729731540-1825052264 dn:CN=joe.com,CN=System,DC=child1,DC=joe,DC=com >securityIdentifier: S-1-5-21-1862701446-4008382571-2198042679 2 Objects returned [Sun 10/24/2004 10:38:31.47] G:\Downloads\Crack\pwddmp3>sidtoname S-1-5-21-3593593216-2729731540-1825052264 SidToName V02.00.00cpp Joe Richards ([EMAIL PROTECTED]) March 2003 [Domain]: CHILD1 The command completed successfully. [Sun 10/24/2004 10:38:41.06] G:\Downloads\Crack\pwddmp3>sidtoname S-1-5-21-1862701446-4008382571-2198042679 SidToName V02.00.00cpp Joe Richards ([EMAIL PROTECTED]) March 2003 [Domain]: JOE The command completed successfully. [Sun 10/24/2004 10:38:47.68] G:\Downloads\Crack\pwddmp3> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Saturday, October 23, 2004 9:39 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Trusting Domain SIDs I have a script which enumerates all of the trusts a domain has. This is all well and good. What I also need is the string format SID of the trusting domain. According to the PSDK, there's a couple attributes that might be interesting to me on the trustedDomain object: DomainIdentifier and SecurityIdentifier. I have a W2k native domain here with a crapload of trusts (several hundred) and not one has a DomainIdentifier. They all have a SecurityIdentifer. I do not have a clue what to do with this - Cstr doesn't work on it <g>. There's also all the DomainName$ accounts in the Users container. This is just a VBS script now. Any pointers, utilities, etc to get me going on this would be much appreciated! Thanks, Brian List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>
