Johannes,

A SID does contain a trust chain indicating the sub-authorities for that
SID, but unfortunately the values are relative to the authority that issued
the SID and not the Client doing the lookup.  The SID will be the same for
all but the last four bytes for any account that shares the same trust
chain.  Once you have resolved by hand a few of the un-resolvable accounts you
can create a lookup table to figure out what target domain you will need to
resolve against.  Alternately you can use Win32::Lanman with
WNetEnumResource and NetGetAnyDCName or NetServerEnum to locate all the
domain controller names on your network and try your lookup against each
one.  If you plan to use the Lanman module you may want to look at
NetShareEnum and NetShareGetInfo, as they have a lot less overhead than WMI.

James

-----Original Message-----
From: Johannes Studt [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 13, 2002 3:37 PM
To: Krummel, James C - PGGC-6; [EMAIL PROTECTED]
Subject: RE: WMI Win32_LogicalShareSecuritySettings->GetSecurityDescriptor


Hi,

> Try using the core Win32 functions.  If I remember right, if you do not
> specify a server name, the API will first try to reconcile the sid to a
> local account, then an account on your resource domain, then finally
> against domains trusted by your resource domain.  It is possible your
> problem is trust related.  You may need to seed the call with the name
> of a BDC in the domain in which the target account lies.
[...]
> Win32::LookupAccountName($server, $target , $domain, $sid, $sidtype);
> Win32::LookupAccountSID($Server, $sid, $account, $domain, $sidtype);

that was the right idea, thanks @James :)

One question remains: am I able to determine the right server (or only the
domain in which the target account lies) to seed the above call with,
given only the SIDs? Finding the logon domain of the granted user is just one
of my goals, not a given fact...
In most cases it's sufficient to use the resource server as $Server (in
above call), but sometimes that fails.

regards, Johannes 
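
The lookup table James describes can be keyed on everything in the SID except its last four bytes (the relative ID). The following is an added example, not code from either poster: it decodes a binary SID such as the one Win32::LookupAccountName returns, splits off the RID, and looks up which server to pass as $Server. The SID values, the server names and the helper names (parse_sid, split_sid, server_for_sid) are constructed for illustration.

```perl
use strict;
use warnings;

# Decode a binary SID into (revision, identifier authority, sub-authorities).
sub parse_sid {
    my ($bin) = @_;
    die "SID too short\n" if length($bin) < 8;
    my ($rev, $count) = unpack 'C C', $bin;
    die "SID length does not match sub-authority count\n"
        if length($bin) != 8 + 4 * $count;
    # Identifier authority is 6 bytes, big-endian.
    my ($hi, $lo) = unpack 'n N', substr($bin, 2, 6);
    # Sub-authorities are 32-bit little-endian values.
    my @sub = unpack "V$count", substr($bin, 8);
    return ($rev, $hi * 2**32 + $lo, @sub);
}

# Split a SID into the issuing-domain prefix (string form) and the RID.
sub split_sid {
    my ($rev, $auth, @sub) = parse_sid(shift);
    die "SID has no sub-authorities\n" unless @sub;
    my $rid = pop @sub;    # the last four bytes
    return (join('-', "S-$rev", $auth, @sub), $rid);
}

# Constructed table, filled in from accounts already resolved by hand:
# domain SID prefix => server to seed the lookup with.
my %dc_for = (
    'S-1-5-21-1004336348-1177238915-682003330' => '\\\\DC-EXAMPLE-A',
    'S-1-5-21-2000478354-1708537768-1957994488' => '\\\\DC-EXAMPLE-B',
);

# Returns the server name, or undef when the issuing domain is not known yet.
sub server_for_sid {
    my ($domain) = split_sid(shift);
    return $dc_for{$domain};
}

# Constructed sample SIDs: two accounts from one domain, one from an
# unknown domain.
my @samples = (
    pack('C C n N V*', 1, 5, 0, 5, 21, 1004336348, 1177238915, 682003330, 1105),
    pack('C C n N V*', 1, 5, 0, 5, 21, 1004336348, 1177238915, 682003330, 1106),
    pack('C C n N V*', 1, 5, 0, 5, 21, 11111111, 22222222, 33333333, 500),
);
for my $sid (@samples) {
    my ($domain, $rid) = split_sid($sid);
    my $server = server_for_sid($sid);
    printf "%s (RID %d) -> %s\n", $domain, $rid,
        defined $server ? $server : 'unknown, resolve by hand or try each DC';
}
```

A SID that comes back undef is a candidate for the hand resolution or the try-each-DC approach mentioned above; once resolved, add its prefix to the table.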