Title: Finding User account if know SID
Ah the angle brackets don't bother me, just throw the parameter in quotes and they are like handling kittens. "<blah>". No carrots nor carets needed. Adfind will obviously also work with the SID= and GUID= formats since that is all handled by AD on the server side. In fact, you can easily tell adfind to return the extended names of objects by adding -extname switch.
 
 
F:\DEV\cpp\SecTok>adfind -default -f name=administrator -extname objectsid objectguid
 
AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) January 2005
 
Using server: 2k3dc01.joe.com
Directory: Windows Server 2003
Base DN: DC=joe,DC=com
 
dn:<GUID=c0da7db05e892343865c571ab4852449>;<SID=0105000000000005150000008691066f6b10ebee37780383f4010000>;CN=Administrator,CN=Users,DC=joe,DC=com
>objectGUID: {B07DDAC0-895E-4323-865C-571AB4852449}
>objectSid: S-1-5-21-1862701446-4008382571-2198042679-500
 

1 Objects returned
 

The command completed successfully.
 
 
 
 
I don't consider the SID= and GUID= binding formats the same as the objectsid=s-... example because you are binding to a specific object versus searching for the SID or GUID. The difference comes into play with attributes other than objectsid and objectguid such as sIDHistory, schemaIDGUID, attributeSecurityGUID, rightsGuid, etc.
 
 
Hey Dean do you know if the auto SID conversion for the filter will work for sIDHistory? I don't currently have any sIDHistories to test with. I would rather ask than create some. :o)
 
   joe
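
The relationship between the string and binary forms in the AdFind output above, as an added example that is not part of the original thread or of AdFind itself. It packs a string SID into the binary objectSid layout, escapes it as the \01\05\00... octet string an LDAP filter accepts, and converts the hex in a `<GUID=...>` bind string to the braced display form; the function names are hypothetical and the sample values are the ones shown in the output above.

```python
import struct
import uuid

# Values copied from the AdFind output earlier in this message.
PAGE_SID = "S-1-5-21-1862701446-4008382571-2198042679-500"
PAGE_SID_HEX = "0105000000000005150000008691066f6b10ebee37780383f4010000"
PAGE_GUID_HEX = "c0da7db05e892343865c571ab4852449"

def sid_to_bytes(sid: str) -> bytes:
    """Pack 'S-1-5-21-...' into the binary layout stored in objectSid."""
    parts = sid.upper().split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15 or any(not 0 <= s <= 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority count or value out of range")
    # revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian),
    # then each sub-authority as a 32-bit little-endian integer.
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def bytes_to_sid(raw: bytes) -> str:
    """Reverse of sid_to_bytes; rejects buffers whose length is inconsistent."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def sid_filter(sid: str) -> str:
    """Build (objectSid=\\01\\05...) with every byte escaped as \\XX."""
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"(objectSid={escaped})"

def guid_from_bind_hex(hexstr: str) -> str:
    """Bind-string hex is raw byte order; the first three fields are little-endian."""
    return "{" + str(uuid.UUID(bytes_le=bytes.fromhex(hexstr))).upper() + "}"

if __name__ == "__main__":
    print(sid_to_bytes(PAGE_SID).hex())
    print(bytes_to_sid(bytes.fromhex(PAGE_SID_HEX)))
    print(sid_filter(PAGE_SID))
    print(guid_from_bind_hex(PAGE_GUID_HEX))
```
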
 
 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, January 21, 2005 4:49 PM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Finding User account if know SID

This ... objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}} ... is likely Joe's and ADfind's way of handling SIDs and removing that sometimes nasty command line interpretation of angled brackets (they can be prefixed by ^ of course).
 

As for "And while you are at it, why does this work in 2K3? objectSID=S-1-5-21-2000478354-411894773-854245398-500" ... the DSA was written to understand it since it's a relatively common query ... nothing more complex than that.

 

As for GUIDs, yes there is ... simple example is to use an angle bracketed <SID=xxxxx> or <GUID=xxxx> as the base DN of a query or use -

 

ldifde -d ^<SID=S-1-5-21-2000478354-492114223-854115398-1113^> -l "1.1" -f con

 

Replacing "<SID=" with "<GUID=" and a valid GUID value will also work.

 

Regarding your very last question, possibly me since I'm speed reading but aren't you missing a few bits ... "74531-109764"?

 

Dean

--
Dean Wells
MSEtechnology
* Email: dwells@msetechnology.com

http://msetechnology.com

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, January 21, 2005 4:24 PM
To: [email protected]
Subject: RE: [ActiveDir] Finding User account if know SID

objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}

 

What the hell is that?!!  Is that documented somewhere?  What other kinds of goofy tricks are there to avoid octet string encoding like \01\05\00…..?

 

And while you are at it, why does this work in 2K3?

objectSID=S-1-5-21-2000478354-411894773-854245398-500

 

Are there any tricks for GUIDs too?

 

Also, I can’t get objectSID={{SID:S-1-5-21-861567501-413027322-18016}} this to work for, though this objectSID=S-1-5-21-861567501-413027322-1801674531-109764 does on Win2K3.  Are you just making that up? :)

 

I love stupid LDAP tricks!

 

Joe K.

 

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Friday, January 21, 2005 12:55 PM
To: [email protected]
Subject: RE: [ActiveDir] Finding User account if know SID

 

I think that only works against 2k3 AD though Dean.

 

sidtoname will work against NT or 2K or K3 or XP.

 

 

 

As an aside, if someone wants to do it through LDAP, adfind will do it too, even against W2K...

 

If you know your directory is 2K3 you can use the same filter as below

 

adfind -b dc=mine,dc=local -f "(&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500))" objectsid

 

if you know it is Windows 2000 or you don't know what it is you can do

 

adfind -b dc=mine,dc=local -bitenc -f "(&(objectcategory=person)(objectclass=user)(objectSID={{SID:S-1-5-21-2000478354-411894773-854245398-500}}))" objectsid

 

 

   joe

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean Wells
Sent: Friday, January 21, 2005 11:59 AM
To: Send - AD mailing list
Subject: RE: [ActiveDir] Finding User account if know SID

Joe's tools will work well ...if you're restricted to tools from the base media, try -

 

C:\>ldifde -d dc=mine,dc=local -r (^&(objectcategory=person)(objectclass=user)(objectSID=S-1-5-21-2000478354-411894773-854245398-500)) -l "objectSID" -f con

--
Dean Wells
MSEtechnology
* Email: [EMAIL PROTECTED]
http://msetechnology.com

 

 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Flesher
Sent: Friday, January 21, 2005 11:32 AM
To: [email protected]
Subject: [ActiveDir] Finding User account if know SID

I thought I could do this with just dsquery, but I'm having trouble doing this. Is there a way to find the user account that matches a particular SID if I know the SID?

Chris Flesher
