xy15973

Get user info using SID

I have the user SID and I need to get User info (Domain groups) using vbscript?
Madz

Hi,
      This is a tough job using a script. However, if you must, do the following (assuming a Win 2000 domain):

- Bind to the user domain (I guess you should know which domain the user belongs to)
- Search the domain for the objectSid property equalling the SID you have
- Using the DN of the user, search the domain for groups whose members property contains the DN you obtained.

Does that help?

Madz

ASKER

I am not sure... Are you saying get the username from the SID and then do a lookup for the user's group membership?
Nope. What I am saying is to do an LDAP bind to the domain and search the domain container for user objects that have the objectSid property equal to the user SID that you have.

Something like:
set objIADs = GetObject("LDAP://MyDomain")
'you can use ADO to search the AD. I do not have sample code. You can find it on the net.
' Have the search filter as (&(objectCategory=user)(objectSid=TheSidYouHave))

Does that answer your query?

Madz
Hi xy15973

It took a while to work out but I believe the following code does what you require.

It accepts a string sid in the form S-1-5-21.... and then loops through a container extracting the sid of each object, converting the extracted sid to a string and then comparing it to the search sid.

When it finds a match it calls the get_Groups sub passing the current user object. This user object is then used to list the users group memberships.

CreateObject("ADsSID") is needed because Active Directory stores the SID as raw binary, and CreateObject("ADsSID") can be used to convert this binary value to a string.

The code requires a dll be registered on the computer to use CreateObject("ADsSID"). I hope that is not a problem?

You can get this dll by installing the SDK for Active Directory Services Interfaces which you can get at

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp

You will also need to change this line

Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")

to match your domain setup.

If you have any more questions, just let me know.

Here is the code:

parse_Container "S-1-5-21-527237240-1682526488-1417001333-197190"

' Run through all users in the container, retrieving their binary SID and converting it to SDDL form (S-1-5-...)
Sub parse_Container(str_SID_To_Find)
 
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
Const ADS_SID_WINNT_PATH = 5
Const ADS_SID_ACTIVE_DIRECTORY_PATH = 6
Const ADS_SID_SID_BINDING = 7

 ' This object is used to get the sid
 Set oADsSID = CreateObject("ADsSID")

 ' Connect to the correct container
 ' you will have to change this to match your domain structure!!
 Set oUsers = GetObject("LDAP://OU=CONTAINERNAME,OU=OUNAME,DC=DOMAINNAME,DC=COM")
 
 ' For each object in the container
 For Each oUser In oUsers
   ' Get the string SID for the current user
   oADsSID.SetAs ADS_SID_ACTIVE_DIRECTORY_PATH, CStr(oUser.adsPath)
   str_Current_SID = oADsSID.GetAs(ADS_SID_SDDL)

   ' If the current users sid matches the search sid then
   If CStr(str_Current_SID) = CStr(str_SID_To_Find) Then
     ' Get the groups for this user
     get_Groups oUser
     ' Exit the loop
     Exit For
   End If
 
 Next
 
' Tidy up
 Set oUser = Nothing
 Set oADsSID = Nothing
 Set oUsers = Nothing

End Sub

' Get the groups for the user
Sub get_Groups(oUser)

  ' For each group in this users groups
  For Each oGroup In oUser.Groups
    ' add the group name to the output string
    str_Groups = str_Groups & oGroup.Name & Chr(10)
  Next
 
  ' Display the string
  MsgBox str_Groups
End Sub

Regards

Scott
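
Added example, not part of any post in this thread: the binary objectSid layout that ADsSID converts in the script above, and the escaped-byte form of the same value for the search filter suggested earlier, so a directory search can find the account without walking every object in a container. It is written in Python so it runs offline; the function names are this example's own.

```python
import struct

def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' into the binary layout Active Directory stores in objectSid."""
    parts = sid.strip().split("-")
    # Accept only S-<rev>-<authority>-<sub>... with plain decimal fields, so nothing
    # but digits can ever reach the filter string built below.
    if len(parts) < 3 or parts[0] != "S" or not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError("not a string SID: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision > 255 or authority >= 1 << 48 or len(subs) > 15 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("SID field out of range: %r" % sid)
    # 1 byte revision, 1 byte sub-authority count, 6 bytes authority (big-endian),
    # then each sub-authority as a 32-bit little-endian integer.
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def bytes_to_sid(raw):
    """Decode a raw objectSid value (as returned by a search) back to its string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def sid_filter(sid):
    """Build the search filter from the thread with the SID written as \\xx escaped bytes."""
    escaped = "".join("\\%02x" % b for b in sid_to_bytes(sid))
    return "(&(objectCategory=user)(objectSid=%s))" % escaped

if __name__ == "__main__":
    sid = "S-1-5-21-527237240-1682526488-1417001333-197190"  # SID used in the posted script
    print(sid_filter(sid))
    print(bytes_to_sid(sid_to_bytes(sid)))
```

Because the SID is validated field by field and only ever emitted as hex escapes, a malformed or hostile SID string is rejected instead of altering the filter.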

ASKER

Thanks... this looks good. How do I get it to work for a non-AD domain?
What is your network setup?

servers/client types

Scott

ASKER

NT4 domain
ASKER CERTIFIED SOLUTION
Colosseo
This solution is only available to members.
Hi xy, thanks for the grade.

Did the code work OK?

Cheers

Scott