Solved

SID to group name - Active Directory

Posted on 2004-10-04
10
1,330 Views
Last Modified: 2007-12-19
I have a SID in the format of S-1-2.... and I need to query an Active Directory to get the group name that corresponds to the respective SID utilizing Visual Basic 6.0.  Any help that anyone can provide will be greatly appreciated.
0
Comment
Question by:mknoke
  • 6
  • 3
10 Comments
 
LVL 76

Expert Comment

by:David Lee
ID: 12222971
A group's SID is stored in the Group object as a property called objectSID.  The first two links are to pages that document the property.  The third link is to a page with a VBScript example that includes code for converting the objectSID property from its native form into the string we are used to seeing.  The VBScript code is easily converted into pure VB.  You can use then use that code in a loop that itterates through the groups in your AD structure looking for a match.  You don't indicate in your question whether you just need code to compare the SIDs or whether you also need code to loop through the groups.  If you need the latter, then I can help with that too.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sds/sds/octet_string__sid__property_type.asp
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/group_objects.asp
http://www.rlmueller.net/Programs/IsMember8.txt
0
 

Author Comment

by:mknoke
ID: 12226721
What I am looking for is to pass VB Code a SID, which will correlate to a group name.  I want that code to return the actual group name that we are used to seeing.  I do not need to determine the users in that group, I just need the group name.  Do you have some code that can do that for me?

Thanks!
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12228798
Ok, let me see if I can put something together that does that.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 76

Expert Comment

by:David Lee
ID: 12233772
I believe I figured out how to do it.  I'll post code tomorrow.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12237450
Here's the code.  It really needs to go into a separate module (.bas file).  Do not insert an Option Base 1 command in the file.  Not only would you have to fix all of my array references from 0 based to 1 based, but I discovered during testing that the code just would not work with 1 based arrays.  I tested this code in my domain, searching for several different SIDs.  It correctly found them.  Be sure and include a reference to "Active DS Type Library" in your project.

Usage:  x = GetGroupNameFromSID("Domain","SID")
    Where: Domain is the name of the domain you want to search for the group in
                SID is the SID of the group that you want to search for
    Returns: The name of the group with the searched for SID

Dim arrSID(8) As Long

Public Function GetGroupNameFromSID(ByVal strDomain As String, ByVal strSID As String) As String
    Dim objDomain As IADsDomain, _
        objGroup As IADsGroup, _
        strTemp As String, _
        strMySID As String, _
        intStart As Integer, _
        intCounter As Integer, _
        strRetVal As String
    strRetVal = "Not Found"
    Set objDomain = GetObject("WinNT://" & strDomain)
    objDomain.Filter = Array("Group")
    For Each objGroup In objDomain
        objGroup.GetInfo
        strTemp = OctetToHexStr(objGroup.objectsid)
        arrSID(0) = Mid(strTemp, 1, 2)
        arrSID(1) = CLng(Mid(strTemp, 3, 2)) + 2        'The number of segments in this SID.
        arrSID(2) = BigEndian(Mid(strTemp, 5, 12))
        strMySID = "S-" & arrSID(0) & "-" & arrSID(2)
        intStart = 17
        For intCounter = 3 To arrSID(1)
            arrSID(intCounter) = LittleEndian(Mid(strTemp, intStart, 8))
            strMySID = strMySID & "-" & arrSID(intCounter)
            intStart = intStart + 8
        Next
        If strMySID = strSID Then
            strRetVal = objGroup.Name
            Exit For
        End If
    Next
    Set objGroup = Nothing
    Set objDomain = Nothing
    GetGroupNameFromSID = strRetVal
End Function

Private Function OctetToHexStr(arrbytOctet)
' This function from: http://www.rlmueller.net/Programs/IsMember8.txt
' I've modified it from its original version.
' Function to convert OctetString (byte array) to Hex string
    Dim k
    OctetToHexStr = ""
    For k = 1 To LenB(arrbytOctet)
        OctetToHexStr = OctetToHexStr & _
        Right("0" & Hex(AscB(MidB(arrbytOctet, k, 1))), 2)
    Next
End Function

Private Function BigEndian(strValue As String) As Long
' Function to convert a hex string stored in Big-Endian format
    Dim strBuffer As String
    strBuffer = "&" & strValue
    BigEndian = CLng(strBuffer)
End Function

Private Function LittleEndian(strValue As String) As Long
' Function to convert a hex string stored in Little-Endian format
    Dim strBuffer As String
    strBuffer = "&H" & Mid(strValue, 7, 2) & _
        Mid(strValue, 5, 2) & _
        Mid(strValue, 3, 2) & _
        Mid(strValue, 1, 2)
    LittleEndian = strBuffer
End Function
0
 

Author Comment

by:mknoke
ID: 12279824
Thanks for the quick response.  Is there any way that it can search only in a particular OU in the AD?  Or does this code only offer searching by the high level domain.  Thank you for all of your help.
0
 
LVL 76

Expert Comment

by:David Lee
ID: 12280615
The code above searches the entire domain.  I suspect I can modify it to search a single OU though.  Is that what you need?
0
 

Author Comment

by:mknoke
ID: 12288888
Yes, that is what I need.  Thanks again.
0
 
LVL 76

Accepted Solution

by:
David Lee earned 500 total points
ID: 12294152
Ok, replace the GetGroupNameFromSID function with the one below.  This version uses the LDAP provider to get the OU instead of the WinNT provider I used before to grab the domain.  You'll need to edit this line of code

    Set objOU = GetObject("LDAP://MyServer.Company.Com/" & strPathToOU & ",dc=company,dc=com")

and replace MyServer.Company.Com with the path to your AD server and dc=company,dc=com with your AD information.  The call to the revised function requires you to pass the path to the OU you want to look for the group in.  If you use nested OUs, then that'll need to be in the form of OU=Level2OU,OU=Level1OU or however many levels you have in reverse order (deepest to shallowest).  As before I tested this in my AD environment and it worked like it should.


Public Function GetGroupNameFromSID(ByVal strPathToOU As String, ByVal strSID As String) As String
    Dim objGroup As IADsGroup, _
        objOU As IADsOU, _
        strTemp As String, _
        strMySID As String, _
        intStart As Integer, _
        intCounter As Integer, _
        strRetVal As String
    strRetVal = "Not Found"
    Set objOU = GetObject("LDAP://MyServer.Company.Com/" & strPathToOU & ",dc=company,dc=com")
    objOU.Filter = Array("Group")
    For Each objGroup In objOU
        objGroup.GetInfo
        strTemp = OctetToHexStr(objGroup.objectsid)
        arrSID(0) = Mid(strTemp, 1, 2)
        arrSID(1) = CLng(Mid(strTemp, 3, 2)) + 2        'The number of segments in this SID.
        arrSID(2) = BigEndian(Mid(strTemp, 5, 12))
        strMySID = "S-" & arrSID(0) & "-" & arrSID(2)
        intStart = 17
        For intCounter = 3 To arrSID(1)
            arrSID(intCounter) = LittleEndian(Mid(strTemp, intStart, 8))
            strMySID = strMySID & "-" & arrSID(intCounter)
            intStart = intStart + 8
        Next
        If strMySID = strSID Then
            strRetVal = Mid(objGroup.Name, 4)
            Exit For
        End If
    Next
    Set objGroup = Nothing
    Set objOU = Nothing
    GetGroupNameFromSID = strRetVal
End Function
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many ways to remove duplicate entries in an SQL or Access database. Most make you temporarily insert an ID field, make a temp table and copy data back and forth, and/or are slow. Here is an easy way in VB6 using ADO to remove duplicate row…
Introduction In a recent article (http://www.experts-exchange.com/A_7811-A-Better-Concatenate-Function.html) for the Excel community, I showed an improved version of the Excel Concatenate() function.  While writing that article I realized that no o…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question