Given a user's SID, how can I get the AD DirectoryEntry?

I have the user's SID as byte[] within windowsPrincipal.getIdentity().getSid(). How can I get an Active Directory entry (DirectoryEntry) from the SID?

mtm asked Aug 17 '11 08:08


2 Answers

The easiest way I've found is using LDAP binding. Similar to what Nick Giles said. More info at MSDN.

Imports System.DirectoryServices
Imports System.Security.Principal

' Extension methods in VB.NET must be declared inside a Module.
Public Module SecurityIdentifierExtensions

    ''' <summary>
    ''' Gets the DirectoryEntry identified by this SecurityIdentifier.
    ''' </summary>
    ''' <param name="id">The SecurityIdentifier (SID).</param>
    <System.Runtime.CompilerServices.Extension()> _
    Public Function GetDirectoryEntry(ByVal id As SecurityIdentifier) As DirectoryEntry
        ' "AOT" is the server/domain name in the answer author's environment;
        ' the serverless form "LDAP://<SID={0}>" binds through the current domain instead.
        Const sidBindingFormat As String = "LDAP://AOT/<SID={0}>"

        ' id.Value is the SDDL string ("S-1-5-21-..."), which the <SID=...> binding accepts directly.
        Return New DirectoryEntry(String.Format(sidBindingFormat, id.Value))
    End Function

End Module
j.i.h. answered Sep 23 '22 15:09


This can also be done in PowerShell, as long as you have .Net 3.5 or 4.0 available (see https://gist.github.com/882528 if you don't by default)

# Load the AccountManagement assembly (.NET 3.5+), which wraps the directory lookup.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Bind to the current domain with the caller's credentials.
$adPrincipalContext =
    New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain)

# Look the user up by SID, given as an SDDL string ("S-1-5-21-...").
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
    $adPrincipalContext,
    [System.DirectoryServices.AccountManagement.IdentityType]::Sid,
    "S-1-5-21-2422933499-3002364838-2613214872-12917")

# FindByIdentity returns $null when nothing matches the SID.
$user.DisplayName
$user.DistinguishedName
LeBleu answered Sep 23 '22 15:09
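As an added example (not code from either answer above), here is a PowerShell function that starts from the byte[] the question has and ends with a DirectoryEntry, combining the LDAP SID binding from the first answer with the AccountManagement lookup from the second. It assumes a domain-joined machine that can reach a domain controller; the function name Get-DirectoryEntryFromSid and the -Server parameter are constructed for this example, and the sample byte[] is built from the SID string that appears in the second answer.

```powershell
# Added example: byte[] SID -> SecurityIdentifier -> DirectoryEntry.
# Assumes a domain-joined host with a reachable DC. Function name and -Server
# parameter are constructed for this example, not from the answers above.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-DirectoryEntryFromSid {
    param(
        [Parameter(Mandatory)]
        [byte[]] $SidBytes,

        # Optional server or domain to bind through; empty means "current domain",
        # i.e. the serverless LDAP://<SID=...> form shown in the first answer.
        [string] $Server = ''
    )

    # Parse the binary SID; .Value yields the SDDL string the <SID=...> binding expects.
    $sid = New-Object System.Security.Principal.SecurityIdentifier($SidBytes, 0)

    $path = if ($Server) { "LDAP://$Server/<SID=$($sid.Value)>" } else { "LDAP://<SID=$($sid.Value)>" }
    $entry = New-Object System.DirectoryServices.DirectoryEntry($path)

    # DirectoryEntry binds lazily, so a SID that matches nothing (deleted account,
    # SID from an untrusted domain, mistyped value) only fails on first property
    # access. Force the bind here so the caller gets a clear error, not a dead handle.
    try {
        $null = $entry.Guid
    }
    catch {
        $entry.Dispose()
        throw "No directory object found for SID $($sid.Value): $($_.Exception.Message)"
    }
    return $entry
}

# --- Usage with a constructed byte[] -------------------------------------------
# In the question the bytes come from the WindowsIdentity; in .NET that identity's
# .User property is already a SecurityIdentifier and GetBinaryForm() gives its bytes.
# Here the SID string from the second answer is used to build a sample byte[].
$sampleSid = New-Object System.Security.Principal.SecurityIdentifier(
    'S-1-5-21-2422933499-3002364838-2613214872-12917')
$sidBytes = New-Object byte[] ($sampleSid.BinaryLength)
$sampleSid.GetBinaryForm($sidBytes, 0)

$entry = Get-DirectoryEntryFromSid -SidBytes $sidBytes
$entry.Properties['distinguishedName'].Value
$entry.Properties['objectClass'].Value    # e.g. top, person, organizationalPerson, user

# Same result through the second answer's API: FindByIdentity returns $null on no
# match, and GetUnderlyingObject() hands back the DirectoryEntry the question wants.
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext(
    [System.DirectoryServices.AccountManagement.ContextType]::Domain)
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
    $ctx, [System.DirectoryServices.AccountManagement.IdentityType]::Sid, $sampleSid.Value)
if ($null -eq $user) { throw "No user principal for SID $($sampleSid.Value)" }
$entryViaPrincipal = [System.DirectoryServices.DirectoryEntry] $user.GetUnderlyingObject()
$entryViaPrincipal.Path
```

Two points worth keeping in mind when using either route: a serverless LDAP://<SID=...> path only resolves SIDs known to the current domain, so for a SID issued by another trusted domain pass -Server with that domain (or a global catalog) rather than assuming a failed bind means the account is gone; and both DirectoryEntry and PrincipalContext hold directory connections, so Dispose() them when you are done.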