Solved

Get user info using SID

Posted on 2004-08-18
Last Modified: 2012-08-13
I have the user SID and I need to get User info (Domain groups) using vbscript?
Question by:xy15973
9 Comments
 
LVL 3

Expert Comment

by:Madz
ID: 11828921
Hi,
This is a tough job using a script. However, if you must, do the following (assuming a Win 2000 domain):

- Bind to the user domain (I guess you should know which domain the user belongs to)
- Search the domain for the objectSid property equalling the SID you have
- Using the DN of the user, search the domain for groups whose members property contains the DN you obtained.

Does that help?

Madz
0
 

Author Comment

by:xy15973
ID: 11828968
I am not sure... Are you saying get the username from the SID and then do a lookup for the user's group membership?
0
 
LVL 3

Expert Comment

by:Madz
ID: 11830023
Nope. What I am saying is to do an LDAP bind to the domain and search the domain container for user objects that have the objectSid property equal to the user SID that you have.

something like
set objIADs = GetObject("LDAP://MyDomain")
'you can use ADO to search the AD. I do not have sample code. You can find it on the net.
' Have the search filter as (&(objectCategory=user)(objectSid=TheSidYouHave))

Does that answer your query?

Madz
0
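The directory search Madz describes above, written out as an added example (it is not code from the thread or from any poster). It converts the string SID into the byte-escaped value an objectSid filter takes, runs the ADO query over the whole domain, and lists groups through the user object's Groups collection; the names SidToFilterValue and HexByte and the use of RootDSE to find the domain are assumptions made here.

```vbscript
Option Explicit
Dim strSid, oRoot, oConn, oCmd, oRS, oUser, oGroup
strSid = "S-1-5-21-527237240-1682526488-1417001333-197190" ' sample SID from this thread

' Search the whole domain through ADO instead of walking one container
Set oRoot = GetObject("LDAP://RootDSE")
Set oConn = CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCmd = CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.CommandText = "<LDAP://" & oRoot.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=user)(objectSid=" & SidToFilterValue(strSid) & "));" & _
    "ADsPath;subtree"
Set oRS = oCmd.Execute
If oRS.EOF Then
    WScript.Echo "No user found for " & strSid
Else
    Set oUser = GetObject(oRS.Fields("ADsPath").Value)
    WScript.Echo oUser.Get("distinguishedName")
    For Each oGroup In oUser.Groups
        WScript.Echo "  " & oGroup.Name
    Next
End If
oConn.Close

' Binary SID: revision, sub-authority count, 48-bit authority (big-endian),
' then each sub-authority as 32 bits little-endian. Only \XX escapes are
' emitted, so the input string cannot change the shape of the filter.
Function SidToFilterValue(strIn)
    Dim p, i, j, n, strAuth, strOut
    p = Split(strIn, "-")
    If UBound(p) < 2 Or UCase(p(0)) <> "S" Then Err.Raise 5, "SidToFilterValue", "Not a SID: " & strIn
    n = CDbl(p(2))
    For i = 1 To 6
        strAuth = HexByte(n - 256 * Int(n / 256)) & strAuth
        n = Int(n / 256)
    Next
    strOut = HexByte(CLng(p(1))) & HexByte(UBound(p) - 2) & strAuth
    For i = 3 To UBound(p)
        n = CDbl(p(i))      ' Double: a sub-authority can exceed a signed Long
        For j = 1 To 4
            strOut = strOut & HexByte(n - 256 * Int(n / 256))
            n = Int(n / 256)
        Next
    Next
    SidToFilterValue = strOut
End Function
Function HexByte(b)
    HexByte = "\" & Right("0" & Hex(b), 2)
End Function
```

Run it with cscript.exe so the WScript.Echo output goes to the console; for the sample SID the filter value begins \01\05\00\00\00\00\00\05\15\00\00\00.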

 
LVL 15

Expert Comment

by:Colosseo
ID: 11831663
Hi xy15973

It took a while to work out but I believe the following code does what you require.

It accepts a string sid in the form S-1-5-21.... and then loops through a container extracting the sid of each object, converting the extracted sid to a string and then comparing it to the search sid.

When it finds a match it calls the get_Groups sub, passing the current user object. This user object is then used to list the user's group memberships.

CreateObject("ADsSID") is needed because Active Directory stores the SID as raw binary, and CreateObject("ADsSID") can be used to convert this binary value to a string.

The code requires a dll be registered on the computer to use CreateObject("ADsSID"). I hope that is not a problem?

You can get this dll by installing the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

You will also need to change this line

Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")

to match your domain setup.

If you have any more questions just let me know

here is the code:

parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

' Run through all users in the container retrieving their binary sid and converting it to sddl (s-1-5-)
Sub parse_Container(str_SID_To_Find)
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_ACTIVE_DIRECTORY_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Regards

Scott
0
 

Author Comment

by:xy15973
ID: 11867748
Thanks... this looks good. How do I get it to work for a non-AD domain?
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 11867757
What is your network setup?

servers/client types

Scott
0
 

Author Comment

by:xy15973
ID: 11868052
NT4 domain
0
 
LVL 15

Accepted Solution

by:
Colosseo earned 500 total points
ID: 11879352
OK, firstly I need to apologise for the delay, and secondly I need to apologise for this code, as I have no idea if it will work because I don't have access to an NT 4 domain. I have tested it on our Active Directory and it hasn't failed, but it is still running. The AD here is pretty large.

But hey ho we can give it a try and tweak it until it does ;)

Note you will still need the dll from the SDK for Active Directory Services Interfaces, which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

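' Call the search with the SID to look up (same sample SID as the earlier script)
parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

' Run through all users in the domain, converting each user's sid to sddl (s-1-5-)
Sub parse_Container(str_SID_To_Find)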
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' enter your domain name here
 str_Domain = "domain name"

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("WinNT://" & str_Domain)

 ' filter only users
 oUsers.Filter = Array("user")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_WINNT_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     msgbox "found"
     'get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Let me know how you get on

Scott
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 11973345
Hi xy thanks for the grade.

Did the code work ok?

Cheers

Scott
0


Question has a verified solution.
