|
It sure as heck shouldn't allow you to write an invalid SID
to the ACL though... The interface should kick back an error of that name can't
be resolved and not set anything. The last time I looked the stuff you could use
from _vbscript_ didn't let you see SIDS, it was all name based. If it is SID
based, sure let it write whatever SID you want like you can with the low level
API calls. But script API access through ADSI/COM should have bumpers on
it.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Wednesday, January 18, 2006 10:46 AM To: [email protected] Subject: RE: [ActiveDir] Unresolved SIDs in ACL Amazing what On Error
Resume Next will do for you eh? ----------------------------------------------------------------------- From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe Ah. Kind of scary that
the script created the ACEs at all, should have errored every time that you
tried to apply a bad ACE. From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] joe, The script owner
realised just after I posted that the domain name was constructed wrongly in the
script :( Sorry to waste your
time. neil From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of joe Do the SIDs at least
have the Domain portion of the SID correct? How far off are they from the real
SID of the groups? From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of
[EMAIL PROTECTED] I
have a script, which creates a pre-defined OU structure, creates groups and
permissions the OUs with these groups. The script performs these steps in the
order given. I
have 2 test environments and have executed the script in each.
In
one environment (all w2k3 sp1 DCs, dfl and ffl=2), the script works fine and all
OUs and ACEs/ACLs are correct. In
the other environment (also w2k3 sp1 DCs and dfl/ffl=2) the script works fine
but all new ACEs are shown as SIDs when viewed thru the ACL editor. Eventually,
these unresolved SIDs are shown as 'account unknown'. I have used sidtoname
(thanks joe!) and that shows that the SID cannot be resolved to a name (as
expected, I guess). I'm
sure someone must have seen this strange behaviour before and has some
suggestions. I would suspect the latter environment to be at blame, but it was
only built very recently and is still pristine. All
suggestions very welcome. Thanks, ___________________________ PLEASE READ: The information
contained in this email is confidential and intended for the named recipient(s)
only. If you are not an intended recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further action in reliance on it. Email is
not a secure method of communication and Nomura International plc ('NIplc')
will not, to the extent permitted by law, accept responsibility or liability
for (a) the accuracy or completeness of, or (b) the presence of any virus,
worm or similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please request
a hard copy. Unless otherwise stated this email: (1) is not, and should
not be treated or relied upon as, investment research; (2) contains
views or opinions that are solely those of the author and do not necessarily
represent those of NIplc; (3) is intended for informational purposes only and
is not a recommendation, solicitation or offer to buy or sell securities or
related financial instruments. NIplc does not provide investment services
to private customers. Authorised and regulated by the Financial Services
Authority. Registered in no. 1550505 VAT No. 447 2492 35.
Registered Office: 1 PLEASE READ: The information
contained in this email is confidential and intended for the named recipient(s)
only. If you are not an intended recipient of this email please
notify the sender immediately and delete your
copy from your system. You must not
copy, distribute or take any further action in reliance on it. Email is
not a secure method of communication and Nomura International plc ('NIplc')
will not, to the extent permitted by law, accept responsibility or liability
for (a) the accuracy or completeness of, or (b) the presence of any virus,
worm or similar malicious or disabling code in, this message or any
attachment(s) to it. If verification of this email is sought then please request
a hard copy. Unless otherwise stated this email: (1) is not, and should
not be treated or relied upon as, investment research; (2) contains
views or opinions that are solely those of the author and do not necessarily
represent those of NIplc; (3) is intended for informational purposes only and
is not a recommendation, solicitation or offer to buy or sell securities or
related financial instruments. NIplc does not provide investment services
to private customers. Authorised and regulated by the Financial Services
Authority. Registered in no. 1550505 VAT No. 447 2492 35.
Registered Office: 1
|
Title: Unresolved SIDs in ACL
