Re: How do I convert sid retrieved from the AD to SDDL string form



Hello,

you are converting the sid byte[] to a string (using .ToString). This will end up with something like "System.Byte[]". You must extract the byte[] from the entry and pass it to the SecurityIdentifier constructor.

Best regards,
Henning Krause

"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:756E26D8-7D34-41A7-823C-09003CE55E6B@xxxxxxxxxxxxxxxx
As shown in my code, that's what I'm trying to do but it's not working.
SecurityIdentifier si = new SecurityIdentifier(dsReport.Tables["AdComputers"].Rows[y][0].ToString());
I'm getting the following exception error at run time:
System.ArgumentException:Value was invalid. Parameter name:sddlForm at
System.Security.principal.SecurityIdentifier..ctor(String sddlForm)

--
Thanks.


"Henning Krause [MVP - Exchange]" wrote:

Hello,

if you are using .NET 2.0, you can pass the byte[] you get from the
objectSid property to a SecurityIdentifier class.

Otherwise, you have at least these options:
1) (easy one) Call the Win32 function ConvertSidToStringSid.
2) (more difficult, but more flexibility) Call the Win32 DsCrackNames
function

Best regards,
Henning Krause

"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0972CEEE-1D2D-4605-8C4B-3B4995A2195D@xxxxxxxxxxxxxxxx
> I retrieve sid from AD into a dataset table. How can I convert this to SDDL
> format string? My code below is not working.
>
> ReportPreview repPreview = new ReportPreview();
> string AdSelect = "select objectSid, cn, operatingSystem, operatingSystemVersion from 'LDAP://CN=Computers," + delimitedDomain + "'";
> string padSelect = "Select cn, meetingName from " + globalCompPath;
> string temp;
> int rs, num;
> OleDbConnection adCon = new OleDbConnection("Provider=ADsDSOObject");
> OleDbDataAdapter qryAdapter = new OleDbDataAdapter(AdSelect, adCon);
> try
> {
>     DataRow newRow = dsReport.Tables["Computers"].NewRow();
>
>     qryAdapter.Fill(dsReport, "AdComputers");
>     num = dsReport.Tables["AdComputers"].Rows.Count;
>     for (int y = 0; y < dsReport.Tables["AdComputers"].Rows.Count; y++)
>     {
>         SecurityIdentifier si = new SecurityIdentifier(dsReport.Tables["AdComputers"].Rows[y][0].ToString());
>         dsReport.Tables["AdComputers"].Rows[y][0] = si.Value;
>     }
> --
> Thanks.
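
The conversion discussed in this thread, as an added example that is not part of the original posts: the objectSid cell is cast to byte[] and handed to the binary-form SecurityIdentifier constructor, and the failing string-constructor call is reproduced for comparison. The in-memory table stands in for the one filled from AD; the sample SID is constructed, and the `ToSddl` helper and `sidString` column are hypothetical names.

```csharp
using System;
using System.Data;
using System.Security.Principal;

static class SidColumnDemo
{
    // Returns the SDDL string form (S-1-...) of a raw objectSid cell, or null if the cell is empty.
    static string ToSddl(object cell)
    {
        if (cell == null || cell == DBNull.Value) return null;
        byte[] raw = cell as byte[];
        if (raw == null)
            throw new InvalidCastException("objectSid cell is " + cell.GetType() + ", expected byte[]");
        return new SecurityIdentifier(raw, 0).Value;   // binary-form constructor, offset 0
    }

    static void Main()
    {
        // Constructed sample SID, serialized to the binary form that objectSid holds.
        SecurityIdentifier sample = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1104");
        byte[] bin = new byte[sample.BinaryLength];
        sample.GetBinaryForm(bin, 0);

        // Stand-in for the "AdComputers" table filled by the OleDbDataAdapter in the thread.
        DataTable t = new DataTable("AdComputers");
        t.Columns.Add("objectSid", typeof(byte[]));
        t.Columns.Add("cn", typeof(string));
        t.Columns.Add("sidString", typeof(string));    // hypothetical column; raw bytes stay untouched
        t.Rows.Add(bin, "PC01", null);
        t.Rows.Add(DBNull.Value, "PC02", null);        // row without a SID

        foreach (DataRow row in t.Rows)
        {
            string sddl = ToSddl(row["objectSid"]);
            row["sidString"] = (object)sddl ?? DBNull.Value;
            Console.WriteLine("{0}: {1}", row["cn"], sddl ?? "(no SID)");
        }

        // The failing call from the thread: ToString() on a byte[] yields the type name,
        // which the SDDL-string constructor rejects with ArgumentException.
        string asText = t.Rows[0]["objectSid"].ToString();
        try { new SecurityIdentifier(asText); }
        catch (ArgumentException e) { Console.WriteLine("\"{0}\" rejected: {1}", asText, e.Message); }
    }
}
```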


