Title: Finding User account if know SID

objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}

 

What the hell is that?!!  Is that documented somewhere?  What other kinds of goofy tricks are there to avoid octet string encoding like \01\05\00…..?

 

And while you are at it, why does this work in 2K3?

objectSID=S-1-5-21-2000478354-411894773-854245398-500

 

Are there any tricks for GUIDs too?

 

Also, I can’t get objectSID={{SID:S-1-5-21-861567501-413027322-18016}} this to work for, though this objectSID=S-1-5-21-861567501-413027322-1801674531-109764 does on Win2K3.  Are you just making that up? J

 

I love stupid LDAP tricks!

 

Joe K.

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, January 21, 2005 12:55 PM
To: [email protected]
Subject: RE: [ActiveDir] Finding User account if know SID

 

I think that only works against 2k3 AD though Dean.

 

sidtoname will work against NT or 2K or K3 or XP.

 

 

 

As an aside, if someone wants to do it through LDAP, adfind will do it too, even against W2K...

 

If you know your directory is 2K3 you can use the same filter as below

 

adfind -b dc=mine,dc=local -f "(&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500))" objectsid

 

if you know it is Windows 2000 or you don't know what it is you can do

 

adfind -b dc=mine,dc=local -bitenc -f "(&(objectcategory=person)(objectclass=user)(objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}))" objectsid

 

 

   joe

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, January 21, 2005 11:59 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Finding User account if know SID

Joe's tools will work well ...if you're restricted to tools from the base media, try -

 

C:\>ldifde -d dc=mine,dc=local -r (^&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500)) -l "objectSID" -f con

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Friday, January 21, 2005 11:32 AM
To: [email protected]
Subject: [ActiveDir] Finding User account if know SID

I thought I could do this with just dsquery, but I'm having trouble doing this. Is there a way to find the user account that matches a particular SID if I know the SID?

Chris Flesher

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.

Reply via email to