Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

I have a SID of a user account, and I want the SIDs of the groups it belongs to

Tags:

c#

wmi

wql

This has to be obtained from a remote machine. The following query works not for SIDs, but for group and account names.

"SELECT GroupComponent FROM Win32_GroupUser WHERE PartComponent = \"Win32_UserAccount.Domain='" + accountDomain + "',Name='" + accountName + "'\""

The Win32_Group objects it returns come in the forms of strings, and they only have domain and name (even though Win32_Group has a SID property).

I have this sinking feeling I'll have to:

  1. Turn the SID into an account name by querying Win32_SID;
  2. Perform the query above;
  3. Turn each of the resulting group names into SIDs by querying Win32_Group.
like image 376
JCCyC Avatar asked Mar 22 '10 19:03

JCCyC

People also ask

How do I get my AD group name from SID?

The Get-ADGroup cmdlet gets a group or performs a search to retrieve multiple groups from an Active Directory. The Identity parameter specifies the Active Directory group to get. You can identify a group by its distinguished name (DN), GUID, security identifier (SID), or Security Accounts Manager (SAM) account name.

Do security groups have SID?

Each account or group, or each process that runs in the security context of the account, has a unique SID that's issued by an authority, such as a Windows domain controller. The SID is stored in a security database.

How do I find the SID of a security group?

SID (Security IDentifier) is a unique id number assigned to each user on windows computer, group or computer on domaindomainA Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controllers.https://en.wikipedia.org › wiki › Windows_domainWindows domain - Wikipedia-controlled network. You can get current user SID in Active Directory using PowerShell Get-LocalUser cmdlet or ad user SID using Get-ADUser cmdlet in PowerShell.

1 Answers

Can you use the System.DirectoryServices.AccountManagement namespace classes?

using (var context = new PrincipalContext( ContextType.Domain ))
{
    using (var user = UserPrincipal.FindByIdentity( context, accountName ))
    {
        var groups = user.GetAuthorizationGroups();
        ...iterate through groups and find SIDs for each one
    }
}

It should work with ContextType.Machine, though you'd need to specify the machine name and have appropriate privileges.

using (var context = new PrincipalContext( ContextType.Machine,
                                           "MyComputer",
                                           userid,
                                           password ))
{
   ...
}

There's a nice MSDN article (longish, though) on using the new .NET 3.5 account management namespace.

like image 54
tvanfosson Avatar answered Oct 19 '22 02:10

tvanfosson
Sign in to Comment

Related questions

Form resources usage for programmatic strings?
Extension method for fill rectangular array in C#
Presenting xml validation errors
What is the OracleType of ROWNUM
Separator in ListView (WPF)?
What is the Silverlight's FindElementsInHostCoordinates equivalent in WPF?
C# mysql connection practices
routing legacy asp.net links in an asp.net mvc project
How to mark .NET objects exposed to COM-interop as single threaded?
WPF: Removing "yourself" from the parent container
MySQL Split to use in "SELECT WHERE IN" statement
C# Detecting Spawned Processes
ASP.Net MVC 1.0 in Visual Studio 2010
Object Initializer and Dynamically specifying properties
Viewstate variable lost on user control loaded dynamically
Good Websites/Blogs/Books to know about Memory Efficient C# Programming [closed]
check output in MSTest unit test
XmlSerializer is throwing InvalidOperationException when using the generic type constraint where
Cross-platform embedded database/key-value store for C#
How to know if all the Thread Pool's thread are already done with its tasks?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!