Solved

Get user info using SID

Posted on 2004-08-18
Last Modified: 2012-08-13
I have the user SID and I need to get User info (Domain groups) using vbscript?
Question by:xy15973
9 Comments
 
LVL 3

Expert Comment

by:Madz
ID: 11828921
Hi,
      This is a tough job using a script. However, if you must, do the following (assuming a Win 2000 domain):

- Bind to the user domain (I guess you should know which domain the user belongs to)
- Search the domain for the objectSid property equalling the SID you have
- Using the DN of the user, search the domain for groups whose members property contains the DN you obtained.

Does that help?

Madz
0
 

Author Comment

by:xy15973
ID: 11828968
I am not sure... Are you saying get the username from the SID and then do a lookup for the user's group membership?
0
 
LVL 3

Expert Comment

by:Madz
ID: 11830023
Nope. What I am saying is to do an LDAP bind to the domain and search the domain container for user objects that have the objectSid property equal to the user SID that you have.

something like
set objIADs = GetObject("LDAP://MyDomain")
'you can use ADO to search the AD. I do not have sample code. You can find it on the net.
' Have the search filter as (&(objectCategory=user)(objectSid=TheSidYouHave))

Does that answer your query?

Madz
0
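The search described in the post above, written out as an added example (it is not code from any poster in this thread): a binary attribute such as objectSid is matched in an LDAP filter by escaping each byte as \XX, so the script first converts the string SID to that form and then queries through the ADSI ADO provider. The base DN DC=example,DC=com is a placeholder, and the function names EscByte and SidToLdapFilterValue are hypothetical.

```vbscript
Option Explicit
' "\XX" escape for one byte inside an LDAP filter value
Function EscByte(v)
    EscByte = "\" & Right("0" & Hex(CLng(v)), 2)
End Function

' Encode a string SID (S-1-5-21-...) as escaped binary; assumes a decimal identifier authority
Function SidToLdapFilterValue(strSid)
    Dim parts, i, j, n, authBytes, out
    parts = Split(strSid, "-")
    If UCase(Left(strSid, 2)) <> "S-" Or UBound(parts) < 3 Then Err.Raise vbObjectError + 1, "SidToLdapFilterValue", "Not a SID: " & strSid
    ' Byte 0 = revision, byte 1 = number of sub-authorities
    out = EscByte(parts(1)) & EscByte(UBound(parts) - 2)
    ' Identifier authority: 6 bytes, big-endian
    n = CDbl(parts(2))
    For j = 1 To 6
        authBytes = EscByte(n - 256 * Int(n / 256)) & authBytes
        n = Int(n / 256)
    Next
    out = out & authBytes
    ' Sub-authorities: 4 bytes each, little-endian (Double, since values above 2147483647 overflow Long)
    For i = 3 To UBound(parts)
        n = CDbl(parts(i))
        For j = 1 To 4
            out = out & EscByte(n - 256 * Int(n / 256))
            n = Int(n / 256)
        Next
    Next
    SidToLdapFilterValue = out
End Function

Dim conn, rs, grp
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
' DC=example,DC=com is a placeholder base DN; the SID is the sample used in this thread
Set rs = conn.Execute("<LDAP://DC=example,DC=com>;(&(objectCategory=user)(objectSid=" & _
    SidToLdapFilterValue("S-1-5-21-527237240-1682526488-1417001333-197190") & _
    "));distinguishedName,memberOf;subtree")
If rs.EOF Then
    WScript.Echo "No user with that SID"
Else
    WScript.Echo rs.Fields("distinguishedName").Value
    If IsArray(rs.Fields("memberOf").Value) Then
        For Each grp In rs.Fields("memberOf").Value
            WScript.Echo "  " & grp
        Next
    End If
End If
conn.Close
```

Run it with cscript so the output goes to the console. memberOf lists direct memberships only: it omits the user's primary group and any group reached only through nesting.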
 
LVL 15

Expert Comment

by:Colosseo
ID: 11831663
Hi xy15973

It took a while to work out but I believe the following code does what you require.

It accepts a string sid in the form S-1-5-21.... and then loops through a container extracting the sid of each object, converting the extracted sid to a string and then comparing it to the search sid.

When it finds a match it calls the get_Groups sub passing the current user object. This user object is then used to list the users group memberships.

CreateObject("ADsSID") is needed because the active directory stores the sid as a raw binary and CreateObject("ADsSID") can be used to convert this binary value to a string.

The code requires a dll be registered on the computer to use CreateObject("ADsSID"). I hope that is not a problem?

You can get this dll by installing the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

You will also need to change this line

Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")

to match your domain setup.

If you have any more questions just let me know

here is the code:

parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

' Run through all users in the container retrieving their binary sid and converting it to sddl (s-1-5-)
Sub parse_Container(str_SID_To_Find)
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_ACTIVE_DIRECTORY_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Regards

Scott
0
 

Author Comment

by:xy15973
ID: 11867748
Thanks... this looks good. How do I get it to work for a non-AD domain?
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 11867757
What is your network setup?

servers/client types

Scott
0
 

Author Comment

by:xy15973
ID: 11868052
NT4 domain
0
 
LVL 15

Accepted Solution

by:
Colosseo earned 500 total points
ID: 11879352
OK, firstly I need to apologise for the delay and secondly I need to apologise for this code as I have no idea if it will work because I don't have access to an NT 4 domain. I have tested it on our active directory and it hasn't failed but it is still running. The AD here is pretty large.

But hey ho we can give it a try and tweak it until it does ;)

Note you will still need the dll from the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

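' Call the sub with the SID to find (sample SID from the earlier post)
parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

Sub parse_Container(str_SID_To_Find)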
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' enter your domain name here
 str_Domain = "domain name"

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("WinNT://" & str_Domain)

 ' filter only users
 oUsers.Filter = Array("user")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_WINNT_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     msgbox "found"
     'get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Let me know how you get on

Scott
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 11973345
Hi xy thanks for the grade.

Did the code work ok?

Cheers

Scott
0
