Getting SID of users

Question

I’m writing an application on Windows XP which gives the SID of user.

With the valid token handle, when I call GetTokenInfomation API with TokenUser as a second parameter then every time & for all user account I get Valid SID in PTOKEN_USER structure variable.

Valid Sid => Sid is S-1-5-21-1121170692-2157880286-4158546613-1000

Here RID is => 1000

But when I use NetQueryDisplayInformation API with NET_DISPLAY_USER as a information level (second parameter) then I get NET_DISPLAY_USER structure as a out Parameter.

User123 is my one account which has the administrative rights.

With the help of NET_DISPLAY_USER structure when I call to LookupAccountName API with variable of NET_DISPLAY_USER.usri1_name as a name of the user account then for a User123 account I get SID without RID.

e.g. Like this => Sid is S-1-5-21-1121170692-2157880286-4158546613

For other account with same procedure gives me the correct SID i.e. SID with RID

e.g. Valid Sid => Sid is S-1-5-21-1121170692-2157880286-4158546613-1000

Please provide me any pointers for returning SID without RID in second case.

Answer 1

AFAIK you cannot have a (valid) user SID without that final RID so something must be wrong with the lookup. Are you sure your call to LookupAccountName succeeds? What is the value of your SID_NAME_USE after a successful call to LookupAccountName?

A comment on MSDN indicates that LookupAccountName will return the wrong value if the user name and machine name are the same but I assume your machine is not called "User123".

Please provide me any pointers for returning SID without RID in second case.

Are you sure you really want this? If you do you can just convert to string, chop off the last "-xxx" part and convert back but I don't think I would pass that SID to any other function since it might not be valid. (And only do it when the SID_NAME_USE you got is SidTypeUser)