Gotcha. I thought you were doing LDAP magic that I didn't know about. I hate LDAP magic I don't know about. :)

This bit:

    objectSID=S-1-5-21-2000478354-411894773-854245398-500

was totally new to me as filter syntax, though. I was down with the other DN syntaxes <GUID=xxxx> and <SID=xxxx> and the two formats they accept, but I thought filters had to be pure octet binary. They should update the MSDN docs on that.

As much as I like your tools too, I'm a bit like Dean. I tend to use ldp.exe for everything. It definitely isn't a replacement for CLI stuff, but I use it mostly for testing queries, binds and doing the occasional mod or add. It also (now) has a nice SD editor. I'm probably pretty different from most people around here in that I have 2 instances of VS open nearly all the time and couldn't diagnose a replication problem if you begged me. :)

Joe K.

From: [EMAIL PROTECTED] On Behalf Of joe

The {{}} format isn't an LDAP thing, it is
a joeware thing. Combined with -binenc it tells adfind to parse the input parameter differently and replace the nice string name with a binary encoded version. I had the option of just automatically trying to figure it out if it was needed or having the user specify that it needed to be done. I preferred to have the user specify it so I didn't have to ask questions like "how come I can use LDIFDE to look up SIDs in 2K3 but not in 2K? adfind can do it in both."

-binenc will also work with GUIDs, like so:

    F:\DEV\cpp\SecTok>adfind -default -f "objectGUID={{GUID:B07DDAC0-895E-4323-865C-571AB4852449}}" -binenc objectsid objectguid

    AdFind V01.26.00cpp
    Joe Richards ([EMAIL PROTECTED])
    January 2005

    Transformed Filter: objectGUID=\C0\DA\7D\B0\5E\89\23C\86\5CW\1A\B4\85\24I

    dn:CN=Administrator,CN=Users,DC=joe,DC=com

Again, that will work against 2K and K3 AD.
Lots of tricks in adfind. I think myself, the guys I trained at my previous employer, and maybe Robbie are the only ones using most of the tricks, though. Dean would know the tricks but he is an OS purist and won't use things unless MS ships it to him on his CD. Personally I think MS should just break down and give me a couple of million dollars and buy my joeware utilities from me.

On the "why does the objectsid thing work": it is because MS made it work. They made a change in the parsing routine on the DC to recognize the format of the SID and to convert it to the proper format. Sort of like allowing multiple versions of logon ID for authentication. I don't recall ever seeing that documented anywhere; I stumbled upon it by accident once when working on the -binenc option. I had set the option without specifying the {{SID}} and it still worked, I was like WTF? I don't believe it will do it for GUIDs. Also not sure what attributes it will work with, for instance I have never tried that format against the sidHistory attribute or custom attributes someone has added that use a SID format.

Oh yeah, the astute will note the version of adfind above is higher than anything released. I found out that an SP1 fix actually causes something to be reported incorrectly in adfind so I had to update it even though I wasn't ever going to update the version 1.x.x series again. Say la vee (that was for Sir ~Eric). It was a pretty simple fix, but I am looking at adding some other things as well as long as I am going to release a new version. So far I have added in the ability to exclude the DNs from the output (lots of people have recently asked for that) as well as adding the ability to not output the attribute labels. So you can actually do something like:

    F:\DEV\cpp\SecTok>..\adfind\adfind -default -f objectcategory=computer name -nodn -nolabel

    AdFind V01.26.00cpp
    Joe Richards ([EMAIL PROTECTED])
    January 2005

    Using server: 2k3dc02.joe.com
    2K3DC01

    9 Objects returned

joe

From:
[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

    objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}

What the hell is that?!! Is that documented somewhere? What other kinds of goofy tricks are there to avoid octet string encoding like \01\05\00.....? And while you are at it, why does this work in 2K3?

    objectSID=S-1-5-21-2000478354-411894773-854245398-500

Are there any tricks for GUIDs too? Also, I can't get this to work:

    objectSID={{SID:S-1-5-21-861567501-413027322-18016}}

though this does on Win2K3:

    objectSID=S-1-5-21-861567501-413027322-1801674531-109764

Are you just making that up? :) I love stupid LDAP tricks!

Joe K.

From:
[EMAIL PROTECTED] On Behalf Of joe

I think that only works against 2K3 AD though, Dean. sidtoname will work against NT or 2K or K3 or XP.

As an aside, if someone wants to do it through LDAP, adfind will do it too, even against W2K... If you know your directory is 2K3 you can use the same filter as below:

    adfind -b dc=mine,dc=local -f "(&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500))" objectsid

If you know it is Windows 2000, or you don't know what it is, you can do:

    adfind -b dc=mine,dc=local -binenc -f "(&(objectcategory=person)(objectclass=user)(objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}))" objectsid

joe

From:
[EMAIL PROTECTED] On Behalf Of Dean Wells

Joe's tools will work well... if you're restricted to tools from the base media, try:

    C:\>ldifde -d dc=mine,dc=local -r (^&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500)) -l "objectSID" -f con

--

From: [EMAIL PROTECTED] On Behalf Of Chris Flesher

I
thought I could do this with just dsquery, but I'm having trouble doing this. Is there a way to find the user account that matches a particular SID if I know the SID?

Chris Flesher

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
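The two routes discussed in the thread (the string-SID filter that only a 2003 DC parses, and the \XX octet form that adfind's -binenc produces and that works against 2000 as well) both come down to the on-the-wire layout of a SID and a GUID. The Python below is an added example, not code from the thread or from adfind: it parses the string forms, lays out the bytes, and applies RFC 4515 escaping so the resulting objectSid/objectGUID filter works against either DC version with any LDAP client that does not already escape the value for you. It uses only the standard library; the SID and GUID values in the main block are the ones quoted in the thread, and ldap_escape_min's rule of leaving only ASCII letters and digits unescaped is my reading of the "Transformed Filter" line adfind printed above, not documented adfind behaviour. Python was chosen over PowerShell here because the point is the byte layout itself, which .NET's SecurityIdentifier class would hide.

```python
"""Build LDAP search filters that match an AD object by objectSid or objectGUID.

Added example (not from the thread or from adfind). Standard library only.
"""
import struct
import uuid

# SID wire layout, i.e. the bytes that must be escaped into the filter:
#   byte 0      revision (always 1)
#   byte 1      number of sub-authorities (at most 15)
#   bytes 2-7   48-bit identifier authority, BIG-endian
#   then        each sub-authority as a 32-bit LITTLE-endian integer


def sid_to_bytes(sid: str) -> bytes:
    """Parse 'S-1-5-21-...-500' into its binary form."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or not 0 <= authority < 2**48 or len(subs) > 15:
        raise ValueError(f"SID field out of range: {sid!r}")
    if any(not 0 <= s < 2**32 for s in subs):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    out = struct.pack("<BB", revision, len(subs))
    out += authority.to_bytes(6, "big")
    out += b"".join(struct.pack("<I", s) for s in subs)
    return out


def bytes_to_sid(data: bytes) -> str:
    """Inverse of sid_to_bytes; handy for reading objectSid values back."""
    if len(data) < 8:
        raise ValueError("SID blob too short")
    revision, count = data[0], data[1]
    if len(data) != 8 + 4 * count:
        raise ValueError("SID blob length does not match sub-authority count")
    authority = int.from_bytes(data[2:8], "big")
    subs = struct.unpack(f"<{count}I", data[8:])
    return f"S-{revision}-{authority}" + "".join(f"-{s}" for s in subs)


def guid_to_bytes(guid: str) -> bytes:
    """objectGUID is stored with the first three GUID fields little-endian."""
    return uuid.UUID(guid).bytes_le


def ldap_escape(data: bytes) -> str:
    """RFC 4515 value escaping with every byte written as \\XX (always valid)."""
    return "".join(f"\\{b:02X}" for b in data)


def ldap_escape_min(data: bytes) -> str:
    """Escape everything except ASCII letters and digits.

    Assumption: this reproduces what adfind prints as 'Transformed Filter'
    (the thread's GUID example shows \\23C ... \\5CW ... \\24I).
    """
    return "".join(
        chr(b) if b < 128 and chr(b).isalnum() else f"\\{b:02X}" for b in data
    )


def sid_filter(sid: str) -> str:
    return f"(objectSid={ldap_escape(sid_to_bytes(sid))})"


def guid_filter(guid: str) -> str:
    return f"(objectGUID={ldap_escape(guid_to_bytes(guid))})"


if __name__ == "__main__":
    # Values quoted in the thread above (the Administrator account in joe.com).
    sid = "S-1-5-21-2000478354-411894773-854245398-500"
    guid = "B07DDAC0-895E-4323-865C-571AB4852449"
    print(sid_filter(sid))
    print(guid_filter(guid))
    print("adfind-style:", ldap_escape_min(guid_to_bytes(guid)))
```

Either escaped form can be pasted straight into adfind -f, ldifde -r or ldp.exe; the fully escaped output is the safer one to hand to other tools, since a raw byte that happens to be a letter is fine but a raw `(`, `)`, `*` or `\` would break the filter.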
Title: Finding User account if know SID
