Re: How to get the correct SID format so I can search with it?



It is on the book's website (link below) in the files section. That's also
where the code samples for the book are, where you can grab that function
from ch 4. SIDConverter is something I wrote, not an MS tool. :)

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:944AA2C3-A9E1-4398-A5ED-164CB274FE81@xxxxxxxxxxxxxxxx
Thanks Joe. Now I really can't wait to receive the book.

I'm not sure where to download the utility SIDConverter. I searched for it
on MSDN but didn't find anything. Can you please tell me where to find this
tool to download? Many thanks.
--
Thanks.


"Joe Kaplan (MVP - ADSI)" wrote:

Our book contains a function called BuildFilterOctetString that can be used
for converting arbitrary binary data in a byte[] to an LDAP filter format.
The format just looks like this:
\xx\xx\xx\xx

Where each xx is a hex pair (padded with a leading 0 if needed) representing
each byte and the "\" is just a prefix character. There isn't much to the
function. You could write it easily yourself.

There is also a handy utility on the file downloads for the website called
SIDConverter that demonstrates what all of the different representations of
a SID might look like in the LDAP world.

Finally, AD 2003 accepts a special undocumented version of the SID for LDAP
filters, which is just the SDDL format:

(objectSid=S-1-5-20-xxxx)

HTH,

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:130241F2-BB4F-47FE-9970-64C7E30C83FD@xxxxxxxxxxxxxxxx
Hi, I'm using vs2005, net 2.0 on Windows 2000. With the following code, I'm
getting back SID looking like a decimal format. But when I do a search with
this value it doesn't find the AD object which I verify for user that it is
there. I think I'm not using the correct SID format. Does anyone know how
to put this in the correct SID format so I can search with it? Thanks.


DirectoryContext dc = new DirectoryContext(DirectoryContextType.Domain, DNSDomain);
Domain curDom = Domain.GetDomain(dc);
DirectoryEntry de = curDom.GetDirectoryEntry();
// objectSid is stored as a byte[]; SecurityIdentifier.Value is its SDDL string form (S-1-5-...)
SecurityIdentifier si = new SecurityIdentifier((byte[])de.Properties["objectSid"].Value, 0);
sid = si.Value.ToString();


DirectoryEntry deRoot = new DirectoryEntry("LDAP://CN=" + split[1] + "," + curDomain);
string sid = domainSID + "-" + child.Properties["cn"].Value.ToString();
DirectorySearcher dsFindADObject = new DirectorySearcher(deRoot);
// The filter value built here is the SDDL string form of the SID
dsFindADObject.Filter = "(objectSid=" + sid + ")";
dsFindADObject.PropertiesToLoad.Add("objectSid");
SearchResult sr = dsFindADObject.FindOne();
string foundSid = null;

if (sr != null)
{
    // Properties["objectSid"] is a collection; ToString() on it returns the type name.
    // Read the first value as byte[] and convert it to its string form instead.
    foundSid = new SecurityIdentifier((byte[])sr.Properties["objectSid"][0], 0).Value;
}

--
Thanks.
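
The \xx\xx\xx\xx filter format described in the thread, as an added example that is not part of the original posts and is not the book's BuildFilterOctetString. The class and method names, and the sample SID, are constructed for illustration.

```csharp
using System;
using System.Security.Principal;
using System.Text;

static class SidFilterExample
{
    // Hypothetical helper: encodes each byte as "\xx", a backslash followed
    // by a two-digit hex pair (padded with a leading 0 where needed).
    static string ToFilterOctetString(byte[] data)
    {
        StringBuilder sb = new StringBuilder(data.Length * 3);
        foreach (byte b in data)
        {
            sb.Append('\\').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }

    // Builds an objectSid filter from the SDDL string form (S-1-5-...).
    static string BuildObjectSidFilter(string sddlSid)
    {
        // The constructor throws ArgumentException if the string is not a valid SID.
        SecurityIdentifier sid = new SecurityIdentifier(sddlSid);
        byte[] binary = new byte[sid.BinaryLength];
        sid.GetBinaryForm(binary, 0);
        return "(objectSid=" + ToFilterOctetString(binary) + ")";
    }

    static void Main()
    {
        // Constructed sample values: a domain SID with a RID appended,
        // the same concatenation the question's code performs.
        string domainSid = "S-1-5-21-1004336348-1177238915-682003330";
        string rid = "512";
        Console.WriteLine(BuildObjectSidFilter(domainSid + "-" + rid));
    }
}
```

The returned string can be assigned to DirectorySearcher.Filter as-is. Because the input is parsed as a SID and every byte is then hex-escaped, no unescaped LDAP filter metacharacters from the input string can reach the filter.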




