Display domain\user from SID (Exchange 55)

Status
Not open for further replies.

sn0rg

IS-IT--Management
Aug 5, 2005
95
GB
I'm trying to audit our Exchange 55 environment as part of a migration (finally) to E2k3.

One of the jobs I'm doing means I want to know what accounts are permissioned against mailboxes, so I'm using an LDAP query that returns the SID of Assoc-NT-Account.

I've got ADsSecurity.dll installed, but can't get the syntax/code right to resolve the SID as a readable username.

I've been all over the web, but can only find references on how to use this tool to convert the other way (string to SID). Can anyone help convert a SID to a string in VBS?
 
Try this. It is doing the reverse of what you might see more frequently.
[tt]
const ADS_SID_HEXSTRING=1
const ADS_SID_WINNT_PATH=5
const ADS_SID_ACTIVE_DIRECTORY_PATH=6

[green]'this is the given, basid obtained one-way or another
'suppose omailbox object, and basid is got straight from the object
omailbox.GetInfoEx Array("Assoc-NT-Account"), 0
basid=omailbox.Get("Assoc-NT-Account")[/green]

set osid=createobject("ADsSid")
osid.SetAs ADS_SID_HEXSTRING, basid
adspath=osid.GetAs(ADS_SID_WINNT_PATH)
[/tt]
 
Thanks tsuji,

I'm using the code below, but the line in red crashes with <null> : catastrophic failure at character 7.

Code:
Dim basid
Const ADS_SID_RAW = 0
Const ADS_SID_HEXSTRING = 1
Const ADS_SID_SAM = 2
Const ADS_SID_UPN = 3
Const ADS_SID_SDDL = 4
const ADS_SID_WINNT_PATH = 5
const ADS_SID_ACTIVE_DIRECTORY_PATH = 6

basid = oRS.Fields("Assoc-NT-Account")
oSid = CreateObject("ADsSid")
[COLOR=red]oSid.SetAs ADS_SID_HEXSTRING, basid[/color]
strSid = oSid.GetAs(ADS_SID_SAM)

WScript.Echo strSid
 
Sorry! I'd jumped a step to transform it to a hex_string. Try this instead.
[tt]
basid = oRS.Fields("Assoc-NT-Account")
[blue]hssid=""
for i=0 to ubound(basid)
hssid=hssid & right("0" & hex(ascb(midb(ossid,i+1,1))),2)
next[/blue]
oSid = CreateObject("ADsSid")
oSid.SetAs ADS_SID_HEXSTRING, [red]hssid[/red]
strSid = oSid.GetAs(ADS_SID_SAM)
[/tt]
 
Thanks - ossid (in the for/next routine) is not defined anywhere though - I assume you mean basid?

Even so, if I run the code below I get the same error while doing the last line: <null> : catastrophic failure at character 7

Code:
basid = oRS.Fields("Assoc-NT-Account")

hssid=""
for i=0 to ubound(basid)
    hssid=hssid & right("0" & hex(ascb(midb([COLOR=red]basid[/color],i+1,1))),2)
next   

set oSid = CreateObject("ADsSid")
oSid.SetAs ADS_SID_HEXSTRING, hssid
 
Monitor the typename of basid.
[tt]wscript.echo typename(basid)[/tt]
 
It reports "Byte()"

Code:
basid = oRS.Fields("Assoc-NT-Account")
wscript.echo typename(basid)
 
It looks fine with Byte(), absolutely need that.
 
Looking at the output of hssid, it doesn't look like a Hex string - there are no letters in it. Certainly the value echoed out doesn't match the Hex version of the string displayed via the Exchange 5.5 Admin tool (using Raw mode).

Any thoughts? (thanks for help so far)
 
The important thing is to get the output rs("assoc-nt-account") right. You do get the right type of output and that's great. The rest I think you can handle by bootstrapping to test out the exact behaviour of the security dll.

This is how you do it.
[1] Bind to your own user object, with the WinNT provider and your samaccountname. This is simpler. You can simply use the wshnetwork object to get the username and userdomain and get an instance of your own sid (byte()) variable type.
[tt]
set wshnetwork=createobject("wscript.network")
snbdom=wshnetwork.userdomain
suser=wshnetwork.username
sadspath_winnt="WinNT://" & snbdom & "/" & suser
set ouser=getobject(sadspath_winnt)
basid=ouser.objectsid
[/tt]
[2] On the other hand, with sadspath_winnt, you can retrieve your sid in hex_string output.
[tt]
set osid=createobject("adssid")
osid.setas ADS_SID_WINNT_PATH,sadspath_winnt
hssid=osid.getas(ADS_SID_HEXSTRING)
[/tt]
[3] Now you're in a position to verify the format of hssid (its typename, etc.) and check whether it is in agreement with the basid transformed as shown above. If it is a miscomprehension of the syntax, probe into the format of the output hssid here.

After this checking and verifying, you would be very close to having the matter resolved and drawing enough lessons out of it.
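
Added example, not part of the thread and not code from either poster: a COM-free check of what the bytes returned for Assoc-NT-Account actually contain. It assumes the value may arrive either as the binary SID or as the ASCII characters of its hex form (the thread does not establish which); hex-encoding ASCII hex digits yields only the pairs 30-39, 41-46 and 61-66, so the result has no letters. The function names and the sample SID are constructed for illustration.

```vbscript
' Return the SID as a hex string whether the bytes are the binary SID or the
' ASCII characters of its hex form. A binary SID starts with 0x01 (not a hex digit).
Function SidBytesToHex(ba)
    Dim i, b, hexOut, txt, isText
    hexOut = "" : txt = "" : isText = (LenB(ba) > 0)
    For i = 1 To LenB(ba)
        b = AscB(MidB(ba, i, 1))
        hexOut = hexOut & Right("0" & Hex(b), 2)
        If (b >= 48 And b <= 57) Or (b >= 65 And b <= 70) Or (b >= 97 And b <= 102) Then
            txt = txt & Chr(b)
        Else
            isText = False
        End If
    Next
    If isText Then SidBytesToHex = UCase(txt) Else SidBytesToHex = hexOut
End Function

' Render a hex SID as S-<revision>-<authority>-<sub-authorities...>.
Function HexToSidString(h)
    Dim n, i, j, v, s
    n = CLng("&H" & Mid(h, 3, 2))                 ' sub-authority count
    v = CDbl(0)
    For i = 0 To 5                                ' 48-bit authority, big-endian
        v = v * 256 + CLng("&H" & Mid(h, 5 + 2 * i, 2))
    Next
    s = "S-" & CLng("&H" & Mid(h, 1, 2)) & "-" & v
    For i = 0 To n - 1
        v = CDbl(0)
        For j = 3 To 0 Step -1                    ' 32-bit value, little-endian
            v = v * 256 + CLng("&H" & Mid(h, 17 + 8 * i + 2 * j, 2))
        Next
        s = s & "-" & v
    Next
    HexToSidString = s
End Function

' Constructed sample (S-1-5-21-1-2-3-1000), not a value from the thread.
Const SAMPLE_HEX = "010500000000000515000000010000000200000003000000E8030000"
Dim k, rawSid, asciiSid
rawSid = "" : asciiSid = ""
For k = 1 To Len(SAMPLE_HEX) Step 2               ' same SID as binary bytes
    rawSid = rawSid & ChrB(CLng("&H" & Mid(SAMPLE_HEX, k, 2)))
Next
For k = 1 To Len(SAMPLE_HEX)                      ' same SID as ASCII hex text
    asciiSid = asciiSid & ChrB(Asc(Mid(SAMPLE_HEX, k, 1)))
Next
WScript.Echo SidBytesToHex(rawSid)
WScript.Echo SidBytesToHex(asciiSid)
WScript.Echo HexToSidString(SidBytesToHex(asciiSid))
```

Run it with cscript. The normalised hex string is the form the thread passes to `oSid.SetAs ADS_SID_HEXSTRING`.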
 