Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I generate a custom SID?

Tags:

I need to generate custom SIDs for users in my web application for use with Microsoft AzMan. What is the best way to do this? What do I need to know before doing this?

This is what I'm thinking, but I'm not sure if I'm missing something:

S-1-9-1234-{user_id + 1000}

S-{first revision}-{resource manager authority}-{domain (unique number for the specific app)}-{unique id for user}

UPDATE: Changed to resource manager authority because of David Crawford's blog entry: http://blogs.msdn.com/dc995/archive/2006/08/23/715021.aspx

like image 951
Max Schmeling Avatar asked Mar 05 '10 18:03

Max Schmeling

People also ask

Does renaming computer change SID?

Note that just changing the computer name or adding the computer to a different domain does not change the computer SID. Changing the name or domain only changes the domain SID if the computer was previously associated with a domain.

How do I change SID?

It is not possible to change the SID by standard means, but the software adsiedit will allow you to make changes. The SID will also change if the related object is created in one domain (and the domain identifier becomes part of the object's SID) and is then migrated to another domain.

How many characters in a SID?

SID is a string with a maximum length of 256 characters. For information on how to determine the security identifier for an Active Directory user account using PowerShell, see this Microsoft Web site.

How do I change SID after cloning Windows 10?

To change a SID, you must use the Windows utility Sysprep (System Preparation Tool). This is the only method that is supported by Microsoft. For more information on using Sysprep, see this Microsoft article: How to Use Sysprep: An Introduction.

1 Answers

As I found from the MSDN's Developing Applications Using Windows Authorization Manager article:

When creating custom SIDs you must establish a SID design for your application. For example, you might have S-1-9-AppInstanceGUID-UserGuid, where 9 is the resource manager sub-authority and AppInstanceGUID and UserGUID are each broken into four sub-authorities. You can also use S-1-9-AppInstanceGuid-UserRID, where UserRID is a unique number for the user in the scope of the application instance. If you want to use custom groups you can create a SID for each group using either of these techniques. For sample code that generates a GUID, see the Microsoft Windows Software Development Kit (SDK).

So it looks like the AzMan allows you generate SID in the way it fits most to your needs. And the only thing you need is to make sure that SIDs generated for semantically different users are unique. (Even if generated on different machines.)

like image 80
Regent Avatar answered Sep 28 '22 07:09

Regent
Sign in to Comment

Related questions

What happens when I load an assembly?
What is the first language to have inline commands in HTML code?
Access a control's Text property after parent form Dispose()'d?
Is iteration necessary in the following piece of code?
Programmatic Control of Firefox
Plot Equations using Javascript (or anything client side)
$_GET encoding problem with cyrillic text
Random text generator
How to access and work with XML from API in C#
Where is the "Publish" operation on Visual Studio 2003?
How to search the file contents in multiple subversion repositories?
How long will an ASP.NET MVC application run

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!