  • Status: Solved
  • Priority: Medium
  • Security: Public

Get user info using SID

I have the user SID and I need to get User info (Domain groups) using VBScript?
0
Asked by: xy15973
1 Solution
 
Madz Commented:
Hi,
      This is a tough job using a script. However, if you must, do the following (assuming a Win 2000 domain)

- Bind to the user domain (I guess you should know which domain the user belongs to)
- Search the domain for the objectSid property equalling the SID you have
- Using the DN of the user, search the domain for groups whose members property contains the DN you obtained.

Does that help?

Madz
0
 
xy15973 Author Commented:
I am not sure... Are you saying get the username from the SID and then do a lookup for the user's group membership?
0
 
Madz Commented:
Nope. What I am saying is to do an LDAP bind to the domain and search the domain container for user objects that have the objectSid property equal to the user SID that you have.

something like
set objIADs = GetObject("LDAP://MyDomain")
'you can use ADO to search the AD. I do not have sample code. You can find it on the net.
' Have the search filter as (&(objectCategory=user)(objectSid=TheSidYouHave))

Does that answer your query?

Madz
0
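The two search filters Madz describes can be built as shown here. This is an added example, not code from any poster in this thread: objectSid holds the SID in binary, so the string SID is validated and encoded as \XX-escaped bytes, and the user's DN is escaped before it goes into the group filter. The function names and the sample DN are constructed for illustration, and `member` is the group attribute being searched.

```vbscript
Option Explicit

' Encode a string SID as \XX-escaped bytes for an objectSid search filter.
' Binary layout: revision (1 byte), sub-authority count (1 byte), identifier
' authority (6 bytes, big-endian), each sub-authority (4 bytes, little-endian).
Function SidToFilterValue(strSid)
    Dim re, parts, i, j, v, q, out
    Set re = New RegExp
    re.Pattern = "^S-1-\d{1,15}(-\d{1,10}){1,15}$"
    ' Rejecting anything else also keeps filter metacharacters out of the query
    If Not re.Test(strSid) Then Err.Raise vbObjectError + 1, "SidToFilterValue", "Not a string SID"
    parts = Split(strSid, "-")
    out = HexByte(1) & HexByte(UBound(parts) - 2)
    v = CDbl(parts(2))
    If v > 281474976710655 Then Err.Raise vbObjectError + 2, "SidToFilterValue", "Authority out of range"
    For j = 5 To 0 Step -1
        q = Int(v / 256 ^ j)
        out = out & HexByte(q - 256 * Int(q / 256))
    Next
    For i = 3 To UBound(parts)
        v = CDbl(parts(i))
        If v > 4294967295 Then Err.Raise vbObjectError + 2, "SidToFilterValue", "Sub-authority out of range"
        For j = 1 To 4
            out = out & HexByte(v - 256 * Int(v / 256))
            v = Int(v / 256)
        Next
    Next
    SidToFilterValue = out
End Function

Function HexByte(n)
    HexByte = "\" & Right("0" & Hex(CLng(n)), 2)
End Function

' Escape a value (here a DN) for use inside an LDAP search filter (RFC 4515).
Function EscapeFilterValue(s)
    Dim out
    out = Replace(s, "\", "\5c") ' backslash first, so later escapes are not re-escaped
    out = Replace(out, "*", "\2a")
    out = Replace(out, "(", "\28")
    out = Replace(out, ")", "\29")
    EscapeFilterValue = Replace(out, Chr(0), "\00")
End Function

Dim strSid, strDn
strSid = "S-1-5-21-527237240-1682526488-1417001333-197190" ' SID from the script later in this thread
strDn = "CN=Smith\, John (Admin),OU=OUNAME,DC=DOMAINNAME,DC=COM" ' constructed sample DN
WScript.Echo "(&(objectCategory=user)(objectSid=" & SidToFilterValue(strSid) & "))"
WScript.Echo "(&(objectCategory=group)(member=" & EscapeFilterValue(strDn) & "))"
```

Run it with cscript; each echoed string is the filter part of an ADO search against the directory.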
 
Colosseo Commented:
Hi xy15973

It took a while to work out but I believe the following code does what you require.

It accepts a string sid in the form S-1-5-21.... and then loops through a container extracting the sid of each object, converting the extracted sid to a string and then comparing it to the search sid.

When it finds a match it calls the get_Groups sub passing the current user object. This user object is then used to list the user's group memberships.

CreateObject("ADsSID") is needed because the active directory stores the sid as a raw binary and CreateObject("ADsSID") can be used to convert this binary value to a string.

The code requires a dll be registered on the computer to use CreateObject("ADsSID"). I hope that is not a problem?

You can get this dll by installing the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

You will also need to change this line

Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")

to match your domain setup.

If you have any more questions just let me know

here is the code:

parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

' Run through all users in the container retrieving their binary sid and converting it to sddl (s-1-5-)
Sub parse_Container(str_SID_To_Find)
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_ACTIVE_DIRECTORY_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Regards

Scott
0
 
xy15973 Author Commented:
Thanks... this looks good. How do I get it to work for a non-AD domain?
0
 
Colosseo Commented:
What is your network setup?

servers/client types

Scott
0
 
xy15973Author Commented:
NT4 domain
0
 
Colosseo Commented:
OK firstly I need to apologise for the delay and secondly I need to apologise for this code as I have no idea if it will work because I don't have access to an NT 4 domain. I have tested it on our active directory and it hasn't failed but it is still running. The AD here is pretty large.

But hey ho we can give it a try and tweak it until it does ;)

Note you will still need the dll from the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

Sub parse_Container(str_SID_To_Find)
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' enter your domain name here
 str_Domain = "domain name"

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("WinNT://" & str_Domain)

 ' filter only users
 oUsers.Filter = Array("user")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_WINNT_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     msgbox "found"
     'get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Let me know how you get on

Scott
0
 
Colosseo Commented:
Hi xy thanks for the grade.

Did the code work ok?

Cheers

Scott
0
