SIDs of Active Directory objects are stored in the objectSID attribute. If
you have done some form of migration or move of users or groups from one
domain to another, the sIDHistory attribute will also be populated.

The last sentence you have of something that matches workstation SID with
the workstation's objectSID in AD would have to be a script to do that. There
is no attribute in AD that maintains the workstation SID; AD doesn't care
about that SID, it only cares about the objectSID assigned to the computer
object for the workstation, which is different.

To tackle that problem, you would have to write a script that enumerated all
of the AD Computer objects and their objectSIDs, then have the script reach
out to each of those computers individually and query for its SID (just ask
for the administrator SID on each of the machines and chop off the RID at
the end) and then produce your mapping.

To easily display SIDs from AD, you could use my adfind utility. To dump all
computer objects in a forest and their SIDs, you would do something like:

adfind -gc -b "" -f objectcategory=computer objectSID

If you pipe that output to a file, you could then use the adcsv (in the
adfind zip file) script to take that output and put it into a CSV format for
easier consumption by something else.

    joe
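
The mapping script described above, as an added example that is not part of the original mail or of adfind: it decodes binary objectSID values as LDAP returns them, chops the RID off each machine's Administrator SID, and joins the two per computer. It assumes the Administrator SIDs were already collected from each workstation; all function names and sample values are constructed, and the shared-SID check goes one step beyond what the mail describes.

```python
import struct
from collections import defaultdict

def sid_bytes_to_str(raw):
    """Decode a binary SID, as LDAP returns objectSid, into S-1-... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def strip_rid(sid):
    """Split 'S-1-5-21-a-b-c-500' into ('S-1-5-21-a-b-c', 500)."""
    base, _, rid = sid.rpartition("-")
    return base, int(rid)

def build_mapping(ad_computers, admin_sids):
    """ad_computers: name -> binary objectSid; admin_sids: name -> SID string
    of the built-in Administrator account reported by that machine."""
    rows = []
    for name in sorted(ad_computers):
        machine_sid = None                       # stays None if host gave no answer
        if name in admin_sids:
            base, rid = strip_rid(admin_sids[name])
            if rid == 500:                       # built-in Administrator RID
                machine_sid = base
        rows.append({"computer": name,
                     "objectSid": sid_bytes_to_str(ad_computers[name]),
                     "machineSid": machine_sid})
    return rows

def shared_machine_sids(rows):
    """Machine SIDs reported by more than one computer (e.g. cloned images)."""
    groups = defaultdict(list)
    for row in rows:
        if row["machineSid"]:
            groups[row["machineSid"]].append(row["computer"])
    return {sid: names for sid, names in groups.items() if len(names) > 1}

def sample_sid(*subs):                           # builds constructed test data only
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample input: three computer objects, two hosts from one image.
AD = {n: sample_sid(21, 1000, 2000, 3000, rid)
      for n, rid in (("WS01", 1105), ("WS02", 1106), ("WS03", 1107))}
ADMIN = {"WS01": "S-1-5-21-111-222-333-500", "WS02": "S-1-5-21-111-222-333-500"}

if __name__ == "__main__":
    for row in build_mapping(AD, ADMIN):
        print(row["computer"], row["objectSid"], row["machineSid"] or "(no answer)", sep=",")
```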




-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hanumara, Rao
Sent: Thursday, July 21, 2005 9:58 AM
To: [email protected]
Subject: [ActiveDir] How to identify SIDs in AD?

Hello,
   I am new to the list and also new to AD.  We are running into a few problems
with Ghost Images deployment.  Is there any utility that can show SIDs on the
Domain Controller?  We have AD and DNS implemented on our DC.  MS
Administrative tools just show me members of AD, DNS Forward and Reverse
lists.  What I want to see is SIDs of AD Computers/Users.  Where are they
stored and how to see them?  I really want a report that matches Workstation
SID with AD SID in computers.
Thanks in Advance,
Rao/.. 


 
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
