Re: Advice requested : Storing SID String in SQL table



A SID in binary is a 1 byte revision, 1 byte of sub authority count, 6 bytes
of authority ID and then a variable number of 4 byte subauthorities, maxing
out at 15. Thus, you've got 68 bytes there. I've never seen a SID with
that many sub-authorities, but it is technically possible.

I'm not sure about the max length for the string, but you can probably
figure that out based on the max length of a 4 byte unsigned integer as
string, a 6 byte unsigned integer as string, etc. It will get a lot bigger
than you really need if you allow for all 15 subauthorities.

Another potential option to consider might be to store the user's AD GUID
(assuming you are talking about AD users and groups here). That fits nicely
into a normal SQL unique ID column and is always 16 bytes. You'd then need
to look up the SIDs if you need them from the directory.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Russell Mangel" <russell@xxxxxxxxx> wrote in message
news:OgSJhpZwGHA.3508@xxxxxxxxxxxxxxxxxxxxxxx
I would like to store a Windows NT Account SID in an SQL server table as a
SID String.

What is the maximum length of a SID String?
What is the maximum length of a SID byte[] array?

Is this information published anywhere?

Thanks
Russell Mangel
Las Vegas, NV

PS
I am just trying to avoid using overly large column lengths in SQL 2005.
I realize that I could use VARBINARY(MAX) for bytes, or VARCHAR(MAX) for
SID string.
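
The binary layout described in the reply above, worked through as an added example that is not part of the original thread: it converts between the binary and string forms and derives both maximum lengths from the largest possible SID. The function names are this example's own, and it assumes revision 1 and an authority printed in decimal (the longest rendering).

```python
import struct

MAX_SUBAUTHS = 15  # upper limit given in the reply above


def sid_to_string(raw: bytes) -> str:
    """Binary SID -> 'S-<revision>-<authority>-<sub>-...' string form."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if count > MAX_SUBAUTHS:
        raise ValueError("more than 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 6 bytes, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 4 bytes each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def string_to_sid(text: str) -> bytes:
    """String form -> binary SID; rejects anything that cannot round-trip."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > MAX_SUBAUTHS:
        raise ValueError("more than 15 sub-authorities")
    # to_bytes / struct.pack raise if a field does not fit its width.
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


def max_sizes() -> tuple[int, int]:
    """(max binary bytes, max string chars) for a revision-1 SID."""
    # Constructed worst case: every authority and sub-authority bit set.
    largest = bytes([1, MAX_SUBAUTHS]) + b"\xff" * 6 + b"\xff" * 4 * MAX_SUBAUTHS
    return len(largest), len(sid_to_string(largest))


if __name__ == "__main__":
    # Constructed sample: the well-known BUILTIN\Administrators SID.
    sample = bytes.fromhex("01020000000000052000000020020000")
    print(sid_to_string(sample))
    print(max_sizes())
```

Under these assumptions a VARBINARY(68) column holds any binary SID and a VARCHAR(184) column holds any SID string.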


