Re: how can I find the domain name if I have the domain sid?

The following code is what I have so far for trying to get the domain name
from passing in a user's objectSid. Can you elaborate on how to use the sid
DN to build the path so I can get the DirectoryEntry object for the user sid
that is passed in, from the code I have so far? Is that possible? Thank you.

public static string GetDominName(string sid)
{
string childSidKey = null;

childSidKey = sid;
SecurityIdentifier sdSID = new SecurityIdentifier(childSidKey);

SecurityIdentifier domainSid = sdSID.AccountDomainSid;
Domain domain;

NTAccount account = (NTAccount)sdSID.Translate(typeof(NTAccount));


string name = account.Value.ToString();


if (name != null)
return name;
else
return null;
}
--
Thanks.


"Joe Kaplan" wrote:

P/Invoke, yes. Note that you still need to bind to something to be able to
resolve the name, so if the SID is from a trusted forest, you would bind to
a DC in the current forest and then DsCrackNames would use the trust to do
the translation. If the SID is from some random forest with no trust path,
I don't think you can determine this.

You can convert from SecurityIdentifier to DirectoryEntry by using the SID
DN syntax to build the ADsPath for the DirectoryEntry. You can't go
straight from NTAccount.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6F84194-09D4-4176-8F2C-C41441B141F5@xxxxxxxxxxxxxxxx
Hi Joe,
Is there any way to convert the NTAccount type to a DirectoryEntry so I
can
extract the user's property of its path in .net 2?
IADsNameTranslate requires domain name so that won't work. I don't know
how
to call DsCrackNames from my C# windows application. PInvoke?
Thank you.
--
Thanks.


"Joe Kaplan" wrote:

I think you need to call DsCrackNames for this. You could also use
IADsNameTranslate as a wrapper.

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:08291BDB-82EB-4CB5-BDDC-81E1AE95CA1B@xxxxxxxxxxxxxxxx
On the 2nd thought, actually, I don't think I can the DirectorySearcher
becuase this domain could be from another forest.

Besides the Domain sid, I also have the user sid. When I convert the
user
sid to NTAccount and get the name, it only provide the 1st part of the
domain
name /user name. It doens't give me the full domain name. For
example,
xxx.yyy.zzz and userA is the user name it would give me "xxx/userA.

Is there any way for me to get the full domain name of a domain from
any
forest using either the domain sid or user sid? Thank you.
--
Thanks.


"Joe Kaplan" wrote:

Can you create a SecurityIdentifier and then call Translate on it to
get
an
NTAccount? I haven't tried that with a domain SID.

Otherwise, you might have to search for the object by its SID with an
LDAP
query (which should be pretty easy too).

Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services
Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2CC18153-7BC1-4DE8-8068-E3700E279BD5@xxxxxxxxxxxxxxxx
This domain could be in my current forest or in a foreign forst.
The
DirectoryContext requires domain name but I only have the domain
side.
How
can I do this in .net 2, vs2005, using C# for a windows applicaiton?
Thank
you.
--
Thanks.









.

Relevant Pages

  • Re: how can I find the domain name if I have the domain sid?
    ... resolve the name, so if the SID is from a trusted forest, you would bind to ... If the SID is from some random forest with no trust path, ... Joe Kaplan-MS MVP Directory Services Programming ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.dotnet.security)
  • Re: Urgent: Add a user from a trusted forest to a Group in my forest
    ... But how will i get the SID of an user from the trusted forest? ... On 25 Jul, 00:58, "Joe Kaplan" ... Co-author of "The .NET Developer's Guide to Directory Services Programming"http://www.directoryprogramming.net ...
    (microsoft.public.windows.server.active_directory)
  • error from federation server proxy
    ... the application is not opening and going to federation server ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDIFDE Error when trying to change passwords.
    ... "Joe Kaplan" wrote: ... The -h adds the encryption. ... Co-author of "The .NET Developer's Guide to Directory Services ... command or the bind command as I am not sure how to use them. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Integrated Windows Authentication Timeout?
    ... "Joe Kaplan" wrote: ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... long as they are all on the same account. ... SPN exists on the account that is running the service. ...
    (microsoft.public.dotnet.framework.aspnet.security)