Re: is there a simple to get "userid" in a windows domain?
From: Eric Fitzgerald [MSFT] (ericf_at_online.microsoft.com)
Date: 08/05/03
- Next message: Jason: "Re: Message attacks"
- Previous message: Ken: "Message attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 4 Aug 2003 18:01:09 -0700
Hey David, here's a script I use to enumerate owners of AD objects. I
suspect a minor change to the way I access ntSecurityDescriptor would give
you what you want.
----------------
'Create connection and command object
Set con = CreateObject("ADODB.Connection")
Set com = CreateObject("ADODB.Command")
'Open the connection
con.Provider = "ADsDSOObject" 'this is the ADSI OLE-DB provider name
con.Open "Active Directory Provider"
'Create a command object for this connection
Set Com.ActiveConnection = con
'Set the search command properties (setting page size allows returning more
'than the default number of results)
com.Properties("Page Size") = 100
'Compose a search string
com.CommandText = "select name,ADsPath from 'LDAP://DC=yourdomain,DC=com' " & _
    "WHERE objectClass='computer'"
'Execute the query
Set rs = Com.Execute
'Navigate the record set
While Not rs.EOF
    'Bind to each computer object and read the owner from its security descriptor
    Set machine = GetObject(rs.Fields("ADsPath").Value)
    Set sd = machine.Get("ntSecurityDescriptor")
    WScript.Echo rs.Fields("name").Value & "," & sd.Owner
    rs.MoveNext
Wend
----------
Eric
--
Eric Fitzgerald
Program Manager, Windows Auditing
Microsoft Corporation

The above message is provided "AS-IS" with no warranties, and confers no rights.

"david epsom dot com dot au" <david@epsomdotcomdotau> wrote in message
news:#T46g5nRDHA.2252@TK2MSFTNGP12.phx.gbl...
> hmmmmmm (newby question). I'm still using security API code
> to get the User SID. Is it possible to get a User SID from
> the ADSI scripting object? I haven't found it yet, but I
> don't know where I'm looking.
>
> (david)
>
>
> "Eric Fitzgerald [MSFT]" <ericf@online.microsoft.com> wrote in message
> news:uoW1GNlRDHA.560@TK2MSFTNGP10.phx.gbl...
> > This is a very good question. Every security principal (account or group)
> > in AD has a SID (security identifier), and you should use the SID rather
> > than the account names when referring to the account.
> >
> > Here's a link to an article demonstrating how to use ADSI from VBScript:
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/users.asp?frame=true
> >
> > The SID of the security principal is the objectSid property, described in
> > the schema reference:
> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad/adam_a_objectsid.asp
> >
> > Eric
> >
> > --
> > Eric Fitzgerald
> > Program Manager, Windows Auditing
> > Microsoft Corporation
> >
> > The above message is provided "AS-IS" with no warranties, and confers no
> > rights.
> >
> > "Sven Erik Matzen" <sven.matzen@ppepro.com> wrote in message
> > news:OAu#WhhRDHA.2408@TK2MSFTNGP10.phx.gbl...
> > > Hi,
> > >
> > > I want to "link" a collection of properties for users stored in a database
> > > to NT accounts (later we will change to ActiveDirectory (AD), but I don't
> > > know when). My problem is: is there a unique number for an account that I
> > > can store beside my records inside the database that will identify a user
> > > account in my nt domain? And if so, what will be when we change to AD?
> > > I also need such an ID for the "account groups" (like "domain admins"). When
> > > there are some API I can use to get such IDs it would be nice if they can
> > > easily be used from VB6 ;) (we also are migrating to .NET, but in some
> > > projects this will take some years ...).
> > >
> > > Sven
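
Added example, not part of the original thread or of any poster's code: the objectSid attribute discussed above is returned as a binary value, so storing it as a database key usually means decoding it to the canonical S-1-... string first. The sketch below assumes the raw bytes have already been read (through ADSI or any LDAP client); the function names and the sample SIDs are constructed for illustration.

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary SID (the objectSid layout) into S-R-A-S1-S2... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15:
        raise ValueError("more than 15 sub-authorities")
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    # Identifier authority: 48-bit big-endian (printed in decimal here,
    # which matches the usual form for values below 2**32).
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: unsigned 32-bit little-endian values.
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_rid(sid: str):
    """Split a string SID into (domain SID, relative ID of the account)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def build_sid(authority: int, *subs: int) -> bytes:
    """Helper that constructs sample binary SIDs for this example only."""
    header = bytes([1, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample data: a made-up domain identifier with a user RID of
# 1105 and the well-known Domain Admins RID of 512.
DOMAIN_PARTS = (21, 1004336348, 1177238915, 682003330)
SAMPLE_USER = build_sid(5, *DOMAIN_PARTS, 1105)
SAMPLE_DOMAIN_ADMINS = build_sid(5, *DOMAIN_PARTS, 512)

if __name__ == "__main__":
    for raw in (SAMPLE_USER, SAMPLE_DOMAIN_ADMINS):
        sid = sid_to_string(raw)
        print(sid, "-> domain/RID:", split_rid(sid))
```

The user and the group share the same domain prefix and differ only in the final RID, which is why the full SID, not the RID alone, is the value to store.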