Re: What about this?
From: Egbert Nierop (MVP for IIS) (egbert_nierop_at_nospam.invalid)
Date: 08/03/05
- Previous message: William McIlroy: "Re: File Open/Close Auditing"
- In reply to: Joe Richards [MVP]: "Re: What about this?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 3 Aug 2005 22:04:55 +0200
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:%23Cb4ru8lFHA.1968@TK2MSFTNGP14.phx.gbl...
> Only if the user is forest root user would this work.
>
> You could query the rootdse, get the forest root domain, bind to the NC
> head object and retrieve the objectsid and then append the well known RID.
>
Thanks a lot
FYI...
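    #include <atlbase.h>
    #include <atlsecurity.h> // CSid
    #include <activeds.h>    // ADsGetObject, IADs (link activeds.lib and adsiid.lib)

    #define MAX_SUBAUTHORITY_COUNT 8

    HRESULT hr;
    SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
    PSID pDomainSidTemp = NULL;
    CComPtr<IADs> prootDSE;
    hr = ::ADsGetObject(L"LDAP://rootDSE", IID_IADs, (void**)&prootDSE);
    CComVariant rootDomain;
    CComVariant domainSid; // separate variant so the BSTR in rootDomain is not overwritten
    CComBSTR strTemp(L"rootDomainNamingContext");
    if (SUCCEEDED(hr))
        hr = prootDSE->Get(strTemp, &rootDomain);
    if (SUCCEEDED(hr) && rootDomain.vt == VT_BSTR)
    {
        CComBSTR rootDomainPath(L"LDAP://");
        rootDomainPath.AppendBSTR(rootDomain.bstrVal);
        prootDSE.Release();
        hr = ::ADsGetObject(rootDomainPath, IID_IADs, (void**) &prootDSE);
        //get objectSid and retrieve a temp pointer copy Sid
        if (SUCCEEDED(hr))
        {
            strTemp = L"objectSid";
            hr = prootDSE->Get(strTemp, &domainSid);
            //fetch VT_ARRAY | VT_UI1; the pointer is valid only while domainSid is alive
            if (SUCCEEDED(hr) && domainSid.vt == (VT_ARRAY | VT_UI1))
                pDomainSidTemp = (PSID)domainSid.parray->pvData;
        }
    }
    CSid pSchemaAdmins; // stays empty if the domain SID could not be read
    // only build the SID if the lookup succeeded and there is room for one more RID
    if (pDomainSidTemp != NULL && ::IsValidSid(pDomainSidTemp) &&
        *GetSidSubAuthorityCount(pDomainSidTemp) < MAX_SUBAUTHORITY_COUNT)
    {
        DWORD sa[MAX_SUBAUTHORITY_COUNT] = {0}; // unused slots are zero, not garbage
        BYTE maxcount = *GetSidSubAuthorityCount(pDomainSidTemp);
        for (BYTE cx = 0; cx < maxcount; cx++)
            sa[cx] = *GetSidSubAuthority(pDomainSidTemp, cx);
        //append the last authority with a fixed ID
        sa[maxcount] = DOMAIN_GROUP_RID_SCHEMA_ADMINS;
        // create a new ID
        pSchemaAdmins = CSid(sia, (BYTE)(maxcount + 1), sa[0], sa[1], sa[2], sa[3], sa[4],
                             sa[5], sa[6], sa[7]);
    }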
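
Added example (not part of the original post): the same "domain SID plus well-known RID" step done on the raw objectSid bytes in portable C, to show the binary SID layout and the bounds checks the append needs. The function names and the sample SID are constructed for illustration; only the RID value 0x206 (DOMAIN_GROUP_RID_SCHEMA_ADMINS) and the limit of 15 sub-authorities come from winnt.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_MAX_SUBAUTH   15      /* SID_MAX_SUB_AUTHORITIES in winnt.h */
#define RID_SCHEMA_ADMINS 0x206u  /* DOMAIN_GROUP_RID_SCHEMA_ADMINS (518) */

/* Binary SID: revision(1) count(1) authority(6, big-endian), then count
 * 4-byte little-endian sub-authorities. Constructed: S-1-5-21-1000-2000-3000 */
static const uint8_t SAMPLE_DOMAIN_SID[] = {
    1, 4, 0, 0, 0, 0, 0, 5,
    21, 0, 0, 0, 0xE8, 0x03, 0, 0, 0xD0, 0x07, 0, 0, 0xB8, 0x0B, 0, 0 };

/* Copy `in` to `out` with `rid` appended; returns new length, 0 if malformed or full. */
size_t sid_append_rid(const uint8_t *in, size_t in_len, uint32_t rid,
                      uint8_t *out, size_t out_cap) {
    if (in_len < 8 || in[0] != 1 || in[1] >= SID_MAX_SUBAUTH) return 0;
    size_t need = 8 + 4 * (size_t)in[1];
    if (in_len != need || out_cap < need + 4) return 0;
    memcpy(out, in, need);
    out[1] = (uint8_t)(in[1] + 1);
    for (int i = 0; i < 4; i++) out[need + i] = (uint8_t)(rid >> (8 * i));
    return need + 4;
}

/* Format a binary SID as "S-1-..."; returns 0 on success, -1 on error. */
int sid_to_string(const uint8_t *sid, size_t len, char *buf, size_t cap) {
    if (len < 8 || sid[0] != 1 || sid[1] > SID_MAX_SUBAUTH ||
        len != 8 + 4 * (size_t)sid[1]) return -1;
    unsigned long long auth = 0;
    for (int i = 2; i < 8; i++) auth = (auth << 8) | sid[i];
    int n = snprintf(buf, cap, "S-1-%llu", auth);
    for (unsigned i = 0; i < sid[1]; i++) {
        if (n < 0 || (size_t)n >= cap) return -1;
        const uint8_t *p = sid + 8 + 4 * i;
        unsigned long sub = p[0] | (p[1] << 8) | (p[2] << 16) | ((unsigned long)p[3] << 24);
        n += snprintf(buf + n, cap - (size_t)n, "-%lu", sub);
    }
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void) {
    uint8_t out[8 + 4 * SID_MAX_SUBAUTH];
    char text[192];
    size_t n = sid_append_rid(SAMPLE_DOMAIN_SID, sizeof SAMPLE_DOMAIN_SID,
                              RID_SCHEMA_ADMINS, out, sizeof out);
    if (n && sid_to_string(out, n, text, sizeof text) == 0) puts(text);
    return 0;
}
```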