Getting User Information from a SID

I have to get some user information based on his SID.

I have tried the code below, and it somewhat works. The adUser contains some information but most of it returns a COMException.

I am mostly interested in the Name property, and in this case it returns "<SID=0105000000000005150000005F13F2099152550794696F4D610C0000>"

Is there anyone out there with an idea? Please!! :-)

Regards
Martin

    using System.DirectoryServices;
    using System.Security.Principal;
    using ActiveDs;

    string staffMemberSid = "S-1-5-21-166859615-123032209-1299147156-3169";

    // Get the hex form of the SID
    SecurityIdentifier sec = new SecurityIdentifier(staffMemberSid);
    byte[] binarySID = new byte[sec.BinaryLength];
    sec.GetBinaryForm(binarySID, 0);
    string hexSid = "";
    foreach (byte aByte in binarySID)
    {
        hexSid += aByte.ToString("X2");
    }

    // Create the LDAP path that addresses the user by SID.
    string ldapPath = "LDAP://<SID=" + hexSid + ">";

    // Get the object from the directory
    DirectoryEntry directoryEntry = new System.DirectoryServices.DirectoryEntry(ldapPath);

    // Cast the directory entry into a directory user.
    ActiveDs.IADsUser adUser = (IADsUser)directoryEntry.NativeObject;
    adUser.GetInfo();

What's the COMException and stack trace? That LDAP "SID" distinguished name format should work fine.

One thing to know though is that AD in 2003 can take the SDDL format as well:

    <SID=S-1-5-xxxx>

To read the name attribute from AD for that object, you should be able to do:

    string name = (string) entry.Properties["name"].Value;

There is no need to use the NativeObject or GetInfo or anything like that for this.

Joe K.

Hi Joe,

I am not in a 2003-AD and my code should support pre-2003 and post. I'll try to read the property like you suggest, I'll keep you posted.

One thing I forgot to mention is that I am using .Net 2.0

-Martin

Hello martinpare258@community.nospam,

Is that 2.0 code? If yes, does

    NTAccount acc = (NTAccount)sec.Translate(typeof(NTAccount));
    string account = acc.Value;

work for you?

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I am impressed! It works.
Thank you!

Where can I read more about these fun .Net classes? I am used to doing things using the Win32 API.

Thank you again!

-Martin

Beta 2 came with an MSDN distro that has docs for the new functions. I'm not sure if the samples are up to snuff yet, but you could start there.

If you can get by with the SecurityIdentifier and NTAccount classes for what you need, then by all means use them. Messing with LDAP is best avoided if there is a more simple approach available. If you need to get more attributes out of AD than what those classes support, you'll still need to do the LDAP stuff to look it up though.

Joe K.
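Added example, not part of any post in the thread: the two approaches discussed above combined, with `Translate` tried first and the `<SID=...>` LDAP bind used only when a directory attribute is needed. The class and method names are hypothetical, `mail` is an assumed attribute of interest, and the code assumes a domain-joined machine that can reach a domain controller.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class SidLookup  // hypothetical helper, not from the thread
{
    // Returns DOMAIN\user, or null when the SID maps to no account
    // (for example a deleted account or an unreachable foreign domain).
    public static string ResolveAccountName(SecurityIdentifier sid)
    {
        try
        {
            return ((NTAccount)sid.Translate(typeof(NTAccount))).Value;
        }
        catch (IdentityNotMappedException)
        {
            return null;
        }
    }

    // Builds the hex bind path from the thread: LDAP://<SID=0105...>
    public static string BuildSidBindPath(SecurityIdentifier sid)
    {
        byte[] binary = new byte[sid.BinaryLength];
        sid.GetBinaryForm(binary, 0);
        string hex = BitConverter.ToString(binary).Replace("-", "");
        return "LDAP://<SID=" + hex + ">";
    }

    // Reads one attribute through the Properties collection, with no
    // NativeObject cast or GetInfo call. Returns null if the attribute is unset.
    public static string ReadAttribute(SecurityIdentifier sid, string attribute)
    {
        using (DirectoryEntry entry = new DirectoryEntry(BuildSidBindPath(sid)))
        {
            object value = entry.Properties[attribute].Value;
            return value == null ? null : value.ToString();
        }
    }

    static void Main()
    {
        // SID taken from the original post; the constructor throws
        // ArgumentException if the string is not a valid SID.
        SecurityIdentifier sid =
            new SecurityIdentifier("S-1-5-21-166859615-123032209-1299147156-3169");

        Console.WriteLine(ResolveAccountName(sid) ?? "(SID not mapped)");
        Console.WriteLine(BuildSidBindPath(sid));
        Console.WriteLine(ReadAttribute(sid, "mail") ?? "(no mail attribute)");
    }
}
```

A null from `ResolveAccountName` is worth logging together with the raw SID, since an unmapped SID in an ACL or group membership usually points to a deleted or foreign principal.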