Re: GetOwner and IdentityNotMappedException

Hey Henning,

I admit I have been giving some misleading information on this :-)

I do have several cases where Windows can display the username and my
program can not.

Our domain (Windows 2003) is trusted by the other domain (NT4).

Any ideas?

Best regards, Jakob.



"Henning Krause [MVP - Exchange]" wrote:

Hello Jakob,

just to be clear on this - the Windows Explorer also only displays the SID
in thos cases where you get an IdentityNotMappedException?

Or do you have some cases where Windows can display the username but your
program cannot?

Best regards,
Henning Krause

"Jakob Christensen" <jch@xxxxxxxxxxxxxxxx> wrote in message
news:A891697F-DA52-4D76-8CB0-349587676998@xxxxxxxxxxxxxxxx
Hey Joe,

Thanks for your answer.

I have not found a solution to this yet. I tried running the code under
different users which did not change anything. Right now, I have no idea
how
to solve it :-)

Best regards, Jakob.


"Joe Kaplan" wrote:

That's the only thing I can think to do. If the Windows UI can translate
the SID, then the .NET code should be able to also, all things being
equal.
To make sure they are equal, try to make sure the code executes with the
same security context that you are using in the Windows UI (whatever you
logged in with).

Best of luck!

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Jakob Christensen" <jch@xxxxxxxxxxxxxxxx> wrote in message
news:A1EC4C82-0A27-4AFF-8BF5-B87289DF2398@xxxxxxxxxxxxxxxx
Hey Joe,

Thanks for your answer.

I am still having problems translating some of the objects that do not
show
up as SIDs. The ones that do show up as SIDs are probably references
to
deleted objects on the other domain.

I may try to run my code under a different account with domain
administrators rights.

Thanks, Jakob.

That makes a lot more sense. Typically, if the OS can resolve the SID
in
the UI, the .NET code can too beause they basically call into the same
OS
function to do the work. Sometimes things can get weird if different
accounts are used to execute the same code, but in this case I would
expect
not.


Do you know if the objects that show up as SIDs are really from a
foreign
domain you can't access, or might they be references to objects that
have
been deleted? Those are often harder to track down.

In any event, it is a good idea to make sure you code expects this
particular exception, as it can happen at any time and isn't that
uncommon,
especially when deleted security principals are involved.

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Jakob Christensen" <jch@xxxxxxxxxxxxxxxx> wrote in message
news:F1B5656F-DA92-4858-9179-305BC032BFBE@xxxxxxxxxxxxxxxx
I think I was a bit hasty on this one. After taking a closer look it
seems
that I am only getting IdentityNotMappedException for folders where
the
owner
is actually shown as a SID in the security settings viewed from
Explorer.
So
I may not have a problem after all.

Sorry for any inconvenience and thanks for your help.

Regards, Jakob.

--
http://www.dotninjas.dk



"Jakob Christensen" wrote:

Hey Henning,

Thank you for your reply.

Will this work even though the users belong to a different domain
that
I
cannot access?

Kind regards, Jakob.

--
http://www.dotninjas.dk



"Henning Krause [MVP - Exchange]" wrote:

Hello,

you can use LDAP to look-up the sid (perform a search over the GC
and
search
for objectSid = <sid-value>).

Best regards,
Henning Krause

"Jakob Christensen" <jch@xxxxxxxxxxxxxxxx> wrote in message
news:5A2BCD0F-3DFE-4E13-A098-3FAFBEFC2A28@xxxxxxxxxxxxxxxx
Hi all,

I am trying to use the following lines of code to get the owner
of
a
directory:

FileSystemSecurity security = new DirectorySecurity(folder,
AccessControlSections.Owner);
NTAccount acc = (NTAccount)
security.GetOwner(typeof(NTAccount));

Some of the directories in question are owned by users
belonging
to a
different domain. For those directories the code fails with
IdentityNotMappedException. If I use SecurityIdentifier
instead
of
NTAccount
the code works but SecurityIdentifier only provides the SID of
the
owner.
How do I map these SIDs to domain and username? (if I take a
look
at
the
security settings through Explorer I can see the owner's domain
and
username).

Any help is very much appreciated. Thanks.

Best regards, Jakob.

--
http://www.dotninjas.dk











.

Relevant Pages

  • Re: Microsoft Windows Validation
    ... Computers that run the Windows XP operating system use a security ID (SID) as a unique identifier. ... The Microsoft Policy Concerning Disk Duplication of Windows XP Installations ...
    (microsoft.public.windowsupdate)
  • Re: Books on .net security
    ... the Windows Forms security than ASP.Net security but I was a little ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services ...
    (microsoft.public.dotnet.security)
  • Re: WindowsPrinciple.IsInRole not working with cached info
    ... If you are using the windows built-in groups, ... SID. ... you code to enforce your security. ... >> before you disconnect to create both those objects. ...
    (microsoft.public.dotnet.security)
  • Re: Books on .net security
    ... Windows Forms security than ASP.Net security but I was a little worried ... Did much change from 1.1 to 2.0 in terms of security for Windows forms? ... Keith's book on Windows Security for .NET developers is very useful too: ... Co-author of "The .NET Developer's Guide to Directory Services ...
    (microsoft.public.dotnet.security)
  • Re: IIS6.0 MSCS DCOM setting
    ... the SELF is Prinicpal Self SID and SYSTEM is Local ... 243330 Well Known Security Identifiers in Windows Server Operating Systems ... A placeholder in an inheritable ACE on an account object or ...
    (microsoft.public.windows.server.clustering)