This
... objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}
... is likely Joe's and ADfind's way of handling SIDs and removing that sometimes nasty command line interpretation of angled brackets (they can be prefixed by ^ of course).
As for "And while you are at it, why does this work in 2K3? objectSID=S-1-5-21-2000478354-411894773-854245398-500" ... the DSA was written to understand it since it's a relatively common query ... nothing more complex than that.
As for GUIDs, yes there is ... simple example is to use an angle bracketed <SID=xxxxx> or <GUID=xxxx> as the base DN of a query or use -
ldifde -d ^<SID=S-1-5-21-2000478354-492114223-854115398-1113^> -l "1.1" -f con
Replacing "<SID=" with "<GUID=" and a valid GUID value will also work.
Regarding your very last question, possibly me since I'm speed reading but aren't you missing a few bits ... "74531-109764"?
Dean
--
http://msetechnology.com

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, January 21, 2005 4:24 PM
To: [email protected]
Subject: RE: [ActiveDir] Finding User account if know SID

objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}

What the hell is that?!! Is that documented somewhere? What other kinds of goofy tricks are there to avoid octet string encoding like \01\05\00…..?

And while you are at it, why does this work in 2K3?

objectSID=S-1-5-21-2000478354-411894773-854245398-500

Are there any tricks for GUIDs too?

Also, I can’t get
objectSID={{SID:S-1-5-21-861567501-413027322-18016}}
this to work for, though this
objectSID=S-1-5-21-861567501-413027322-1801674531-109764
does on Win2K3.

Are you just making that up? :) I love stupid LDAP tricks!

Joe
K.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe

I think that only works against 2k3 AD though Dean. sidtoname will work against NT or 2K or K3 or XP.

As an aside, if someone wants to do it through LDAP, adfind will do it too, even against W2K...

If you know your directory is 2K3 you can use the same filter as below

adfind -b dc=mine,dc=local -f "(&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500))" objectsid

if you know it is Windows 2000 or you don't know what it is you can do

adfind -b dc=mine,dc=local -bitenc -f "(&(objectcategory=person)(objectclass=user)(objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}))" objectsid

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells

Joe's tools will work well ...if you're restricted to tools from the base media, try -

C:\>ldifde -d dc=mine,dc=local -r (^&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500)) -l "objectSID" -f con

--

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher

I thought I could do this with just dsquery, but I'm having trouble doing this. Is there a way to find the user account that matches a particular SID if I know the SID?

Chris Flesher
Title: Finding User account if know SID
