Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Can I pull user info from the SAM?

Posted on 2006-10-30
3
141 Views
Last Modified: 2013-12-04
Alright, I'm unfamiliar with Windows Security, so please bear with me. I have an Access application, that pulls information from Active Directory, based on the user's logon. I currently pull their first and last name, logon name, and email address. This is critical as I need it for validation purposes, and the validation for each record works differently depending upon who's logged in, compared to who edited the record previously, so I can't validate using an Access workgroup solely. I need to grab this info, so I can compare it to our staff database, to grab the user's job title which is stored there. Here's the kicker:

We are currently migrating users to XP, from Windows 2000, but this will take many months, and I need this validation completed this week. MANY users are still using Windows 2000. The validation works on XP, but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users. It was suggested that I pull Windows 2000 users info from the SAM file. I know nothing about SAM's, and after reading up on them, I have no clue if it's even possible, or how to go about extracting information for them.

Can anyone tell me if it's possible to extract an email address (or any identifiable personal information) from the SAM, and if so, how to go about it?
0
Comment
Question by:Tyedyeguy
3 Comments
 
LVL 10

Accepted Solution

by:
Chris_Gralike earned 500 total points
ID: 17837838
I think querying the system account manager will be verry tough, if even possible. Maybe there are api`s available in the WMI toolset, but not any im aware of. Next to that it might indicate quite a large security leak if it is indeed possible using such api`s. Next to that AD not being available for windows 2k clients sounds just as odd as querying the SAM database.

If there is an AD that works for windows XP clients you might want to reffer to LDAP based queries against the AD the xp clients use... But then again, im not the access person and am not a programmer... :S

Sorry i cant be of more help, but sure enough... querying the sam database? or read the data from a flat file? that sounds like hacking course 1 :P

Regards,
0
 
LVL 54

Expert Comment

by:McKnife
ID: 17845760
"but I am told that the way the users accounts are set up, there is no Active Directory for Windows 2000 users" - ???
Just try it out, I doubt that anything will be different from xp.
0
 

Author Comment

by:Tyedyeguy
ID: 17862477
Sorry, I guess that I left out some information.  I have tried LDAP based queries, and I have tried pulling from AD for our Windows 2000 users. It gave me no errors, so everything appeared to be working. It wasn't until after a week of testing that I found out it wasn't really pulling the data (but everything looked like it was running fine).

I know next to nothing about Windows security, but I have since been told by many people that we don't use AD for our Windows 2000 user accounts. Beyond that, I haven't received any more clarification. It runs fine on my Windows 2000 machine, if I'm signed in using my XP account logon, so I'm quite certain the problem is more in how the user accounts are set up, then the OS itself. We're also migrating to a new network, so that could factor in as well.

I had to solve the problem by creating a table with specific user logon's in it for the users still using their Win2K accounts, as well as their identifiable personal records (first and last name). I compare that against our staff directory. I don't like it, but as a short-term solution, it'll work.

Thanks for the help guys. I'll give the points to Chris since he informed me that it doesn't sound possible.

0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question