I'm up for that ... I've never dealt with this stuff in S.DS before. Do you have any pointers on SIDs w/ .net? I actually got the info I needed with adfind, but I still want to be able to produce this dump in spreadsheet form.

--Brian Desmond
[EMAIL PROTECTED]
Payton on the web! www.wpcp.org
v - 773.534.0034 x135
f - 773.534.8101
________________________________
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Sun 10/24/2004 9:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Trusting Domain SIDs

This would also be something that would be easier to deal with in .NET than script as there is plenty of good support for octet strings in S.DS and there are plenty of options for converting the SID back to string SID.

Of course, shelling out to adfind might be easy, depending on the particulars of what you are up to.

Joe

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Sunday, October 24, 2004 12:00 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Trusting Domain SIDs

I thought Richard had something that did this - I'll have to email me because I couldn't find a sample on his site. How's that csv support in adfind coming? ;)

--Brian

________________________________
From: [EMAIL PROTECTED] on behalf of joe
Sent: Sun 10/24/2004 9:42 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Trusting Domain SIDs

To be blunt, scripts suck for working with octetstrings which securityIdentifier is. If I absolutely had to do it, I would chase down Richard Mueller and see what he has to help as Richard is one of the best in this area from what I have seen.

Fortunately for me, I don't have to do anything with vbscript. In your shoes... If Richard doesn't have a quick answer for you, parse out to the shell and run adfind to gather the data quickly as it decodes the SIDS for you automagically...

[Sun 10/24/2004 10:36:35.26] G:\Downloads\Crack\pwddmp3>adfind -gc -b -f objectcategory=trusteddomain securityidentifier

AdFind V01.24.00cpp Joe Richards ([EMAIL PROTECTED]) September 2004

Using server: 2k3dc01.joe.com
Directory: Windows Server 2003

dn:CN=child1.joe.com,CN=System,DC=joe,DC=com
>securityIdentifier: S-1-5-21-3593593216-2729731540-1825052264

dn:CN=joe.com,CN=System,DC=child1,DC=joe,DC=com
>securityIdentifier: S-1-5-21-1862701446-4008382571-2198042679

2 Objects returned

[Sun 10/24/2004 10:38:31.47] G:\Downloads\Crack\pwddmp3>sidtoname S-1-5-21-3593593216-2729731540-1825052264

SidToName V02.00.00cpp Joe Richards ([EMAIL PROTECTED]) March 2003

[Domain]: CHILD1

The command completed successfully.

[Sun 10/24/2004 10:38:41.06] G:\Downloads\Crack\pwddmp3>sidtoname S-1-5-21-1862701446-4008382571-2198042679

SidToName V02.00.00cpp Joe Richards ([EMAIL PROTECTED]) March 2003

[Domain]: JOE

The command completed successfully.

[Sun 10/24/2004 10:38:47.68] G:\Downloads\Crack\pwddmp3>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond
Sent: Saturday, October 23, 2004 9:39 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Trusting Domain SIDs

I have a script which enumerates all of the trusts a domain has. This is all well and good. What I also need is the string format SID of the trusting domain. According to the PSDK, there's a couple attributes that might be interesting to me on the trustedDomain object: DomainIdentifier and SecurityIdentifier. I have a W2k native domain here with a crapload of trusts (several hundred) and not one has a DomainIdentifier. They all have a SecurityIdentifier. I do not have a clue what to do with this - Cstr doesn't work on it <g>. There's also all the DomainName$ accounts in the Users container.

This is just a VBS script now. Any pointers, utilities, etc to get me going on this would be much appreciated!

Thanks,
Brian

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
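
Added example, not part of the original thread and not code from any of the posters: the securityIdentifier octet string discussed above is a binary SID (revision byte, sub-authority count, 48-bit big-endian authority, then 32-bit little-endian sub-authorities), and this Python sketch decodes it and writes dn/SID pairs as CSV for a spreadsheet. The function names are hypothetical, and the sample bytes are constructed from the two string SIDs in the adfind output rather than read from a directory.

```python
import csv
import io
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (the securityIdentifier octet string) to S-1-... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15:
        raise ValueError("unsupported revision or sub-authority count")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def string_to_sid(text: str) -> bytes:
    """Inverse of sid_to_string; used here only to build the sample bytes."""
    parts = text.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError("not a string SID")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def trusts_to_csv(entries) -> str:
    """entries: iterable of (dn, raw securityIdentifier bytes) -> CSV text."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["dn", "securityIdentifier"])
    for dn, raw in entries:
        writer.writerow([dn, sid_to_string(raw)])
    return out.getvalue()

# Constructed sample: bytes rebuilt from the two string SIDs in the adfind output.
SAMPLE = [
    ("CN=child1.joe.com,CN=System,DC=joe,DC=com",
     string_to_sid("S-1-5-21-3593593216-2729731540-1825052264")),
    ("CN=joe.com,CN=System,DC=child1,DC=joe,DC=com",
     string_to_sid("S-1-5-21-1862701446-4008382571-2198042679")),
]

if __name__ == "__main__":
    print(trusts_to_csv(SAMPLE), end="")
```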
