Re: How do I convert sid retrieved from the AD to SDDL string form



Hi Joe,
The reason that I was still messing with query instead of DirectorySearcher
is because I need to get the result of a join table with data from 2 different AD
paths. But, that doesn't work at all. The following is what I tried.

Now, I have to do 2 loops using SearchResultCollection from the 1st AD path
and then one by one find its matching object in the other path using sid as
the key. I then combine selected attributes from the 2 path finding and
create a 3rd table that I pass to Crystal Report for producing reports.

I have to do this for AD computer, user and group objects. I wonder if
there is a more efficient way of doing this?

filter = "select contextAtt.cn as SID, contextAtt.meetingID as [Context] " +
    ", adAtt.cn as [Computer Name], adAtt.operatingSystem as [O/S Name], " +
    "adAtt.operatingSystemVersion as [O/S Version] from " +
    globalCompPath + " as contextAtt join 'LDAP://CN=Computers" +
    delimitedDomain +
    "' as adAtt on contextAtt.SID = adAtt.objectSid";
--
Thanks.


"Joe Kaplan" wrote:

It needs to be a byte[], because the data is a variable length byte array.
AD SIDs are generally bigger than GUIDs, so that isn't a good idea. I think
the problem from your previous code sample was that you were calling
ToString on the data.

I'm still confused why you are using OLEDB for searching AD, but whatever
works for you...

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A498835F-3C6E-4569-B83E-B897B1D90025@xxxxxxxxxxxxxxxx
In the Dataset table definition, what type should I set for storing SID,
which is a byte[]. I tried GUID type but it doesn't like it.
--
Thanks.


"Henning Krause [MVP - Exchange]" wrote:

Hello,

if you are using .NET 2.0, you can pass the byte[] you get from the
objectSid property to a SecurityIdentifier class.

Otherwise, you have at least these options:
1) (easy one) Call the Win32 function ConvertSidToStringSid.
2) (more difficult, but more flexibility) Call the Win32 DsCrackNames
function

Best regards,
Henning Krause

"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:0972CEEE-1D2D-4605-8C4B-3B4995A2195D@xxxxxxxxxxxxxxxx
I retrieve sid from AD into a dataset table. How can I convert this to
SDDL format string? My code below is not working.

ReportPreview repPreview = new ReportPreview();
string AdSelect = "select objectSid, cn, operatingSystem, " +
    "operatingSystemVersion from 'LDAP://CN=Computers," +
    delimitedDomain + "'";
string padSelect = "Select cn, meetingName from " + globalCompPath;
string temp;
int rs, num;
OleDbConnection adCon = new OleDbConnection("Provider=ADsDSOObject");
OleDbDataAdapter qryAdapter = new OleDbDataAdapter(AdSelect, adCon);
try
{
    DataRow newRow = dsReport.Tables["Computers"].NewRow();

    qryAdapter.Fill(dsReport, "AdComputers");
    num = dsReport.Tables["AdComputers"].Rows.Count;
    for (int y = 0; y < dsReport.Tables["AdComputers"].Rows.Count; y++)
    {
        SecurityIdentifier si = new SecurityIdentifier(
            dsReport.Tables["AdComputers"].Rows[y][0].ToString());
        dsReport.Tables["AdComputers"].Rows[y][0] = si.Value;
    }
--
Thanks.
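
Added example, not code from any poster in this thread: the conversion discussed above, passing the objectSid byte[] to SecurityIdentifier on .NET 2.0 or later, next to a by-hand decode that shows what the bytes mean. The names SidDemo, ToSddl and ToSddlManual and the sample SID are constructed for illustration; the code assumes Windows and a little-endian CPU.

```csharp
using System;
using System.Security.Principal;

static class SidDemo
{
    // Convert the value read from an objectSid column into SDDL form.
    // Returns null when the cell is empty or is not a well-formed binary SID.
    static string ToSddl(object cell)
    {
        byte[] raw = cell as byte[];   // DBNull, string, etc. become null here
        if (raw == null || raw.Length < 8) return null;
        // Layout: revision (1 byte), sub-authority count (1 byte),
        // authority (6 bytes, big-endian), sub-authorities (4 bytes each, little-endian)
        if (raw.Length != 8 + 4 * raw[1]) return null;
        try { return new SecurityIdentifier(raw, 0).Value; }
        catch (ArgumentException) { return null; }
    }

    // The same decoding done by hand, for illustration only.
    // The caller must have validated the length as ToSddl does.
    static string ToSddlManual(byte[] raw)
    {
        long authority = 0;
        for (int i = 2; i < 8; i++) authority = (authority << 8) | raw[i];
        string s = "S-" + raw[0] + "-" + authority;
        for (int i = 0; i < raw[1]; i++)
            s += "-" + BitConverter.ToUInt32(raw, 8 + 4 * i);
        return s;
    }

    static void Main()
    {
        // Constructed sample input: the binary form of S-1-5-21-1-2-3-1105
        byte[] sid = {
            1, 5, 0, 0, 0, 0, 0, 5,
            21, 0, 0, 0,  1, 0, 0, 0,  2, 0, 0, 0,  3, 0, 0, 0,  0x51, 0x04, 0, 0 };

        Console.WriteLine(ToSddl(sid));
        Console.WriteLine(ToSddlManual(sid));
        // ToString() on a byte[] gives the type name, not SID text, which is
        // why the string constructor of SecurityIdentifier rejects it.
        Console.WriteLine(sid.ToString());
        Console.WriteLine(ToSddl(DBNull.Value) == null);
    }
}
```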




