Steven,
Thanks for your help. Your thoughts on why SID's resolve that exist
locally is very likely correct. And you've given me a thought. Maybe If I
concatenate the Domain || Machine SID with the Account || Group SID I can
get it to work.
I've also include an excerpt from Dave Roth's book on Win32 Perl
Programming which claims there is in fact a second parameter of the
ResolveAccount function. This is the reason I tried using the second
parameter. It is not explained in Win32::Perms docs. Who knows.
Thanks,
Shawn
Begin Quote
If you already have a SID but need to look up the user account associated
with it, you can use the ResolveAccount() function:
$Account = Win32::Perms::ResolveAccount( $TextSid | $BinarySid [, $Machine ] );
The first parameter is the SID you are looking up. This can be either a
text or binary SID. The function will determine which type of SID you are
using and will handle it accordingly.
The optional second parameter indicates what machine on the network is to
perform the lookup. If the SID represents a local account or group on a
remote machine, you need to specify the remote machine in this parameter.
The machine name must be prefixed with double backslashes as in \\Machine.
If the function is successful, it will return the account name in the form
of "domain\user." Otherwise, the function returns nothing.
End Quote
> ResolveAccount doesn't look to have a second parameter for servername.
>
> Reason being is that it will resolve the name with the first (only) trust
> relationship it finds that will resolve the SID, and since SIDs are supposed
> to be unique, (with the exception of local groups like "Administrators",
> which would always resolve locally - Someone correct me if I have it
> wrong..) there's no need to tell it a servername.
>
> I can see why you might want to do this, for a non-domain system, but in
> that case, I don't know how to do what you want because you can
> ResolveSid("THATPC\\username") and providing you get the permissions and
> trusts to do what you want, so in theory it should work, but I've never
> tried, and... well.... It's still the opposite of what it looks like you
> want to do, anyway.
>
> Lastly, resolving remote sids for sids that exist on the local box, doesn't
> seem possible, because it will return true, but only because it found it
> locally.
>
> Hope this helps.
>
> Steven
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, February 21, 2003 9:15 AM
> To: [EMAIL PROTECTED]
> Subject: Win32::Perms - ResoveAccounts not working on Remote SID
>
>
> Ladies and Gentlemen,
>
> Having a bit of trouble with resolving the following SID. Or any remote SID
> for that matter. IF the SID is on my machine and the remote machine no
> problem. For example the SID for administrator or Guest. In this example
> the SID is for the Server Operators Group which is on Windows 2000 Server
> but not my Win 2000 Workstation. Nothing comes back. Any thoughts?
>
> Thanks in advance to those who post.
>
>
> use Win32::Perms;
>
> my $server = shift || Win32::NodeName;
> my $sid = 'S-1-5-32-549';
>
> print "$sid , $server\n";
> my $resolved = Win32::Perms::ResolveAccount($sid,"\\\\$server");
> my $straight =
> Win32::Perms::ResolveAccount('S-1-5-32-549','\\127.0.0.2');
> print "resolved $resolved 2nd
> $straight\n";
>
>
> _______________________________________________
> Perl-Win32-Admin mailing list [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
> _______________________________________________
> Perl-Win32-Admin mailing list
> [EMAIL PROTECTED]
> To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
>
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
