Re: how can I find the domain name if I have the domain sid?


Source: http://www.derkeiler.com/Newsgroups/microsoft.public.dotnet.security/2008-07/msg00007.html



      • From: Pucca <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx>
      • Date: Wed, 2 Jul 2008 17:58:00 -0700

The following code is what I have so far for trying to get the domain name
from passing in a user's objectSid. Can you elaborate on how to use the sid
DN to build the path so I can get the DirectoryEntry object for the user sid
that is passed in, from the code I have so far? Is that possible? Thank you.

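using System.Security.Principal;

public static string GetDominName(string sid)
{
    // Parse the SDDL string (S-1-5-21-...) into a SecurityIdentifier;
    // throws ArgumentException if the string is not a valid SID.
    SecurityIdentifier sdSID = new SecurityIdentifier(sid);

    // Domain portion of the SID (null when this is not an account SID).
    // Not used yet; kept for the lookup being asked about.
    SecurityIdentifier domainSid = sdSID.AccountDomainSid;

    // Resolve the SID to an account name; throws IdentityNotMappedException
    // when the SID cannot be translated.
    NTAccount account = (NTAccount)sdSID.Translate(typeof(NTAccount));

    // NTAccount.Value is already a string.
    return account.Value;
}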
--
Thanks.


"Joe Kaplan" wrote:


        P/Invoke, yes. Note that you still need to bind to something to be able to
        resolve the name, so if the SID is from a trusted forest, you would bind to
        a DC in the current forest and then DsCrackNames would use the trust to do
        the translation. If the SID is from some random forest with no trust path,
        I don't think you can determine this.



       You can convert from SecurityIdentifier to DirectoryEntry by using the SID
       DN syntax to build the ADsPath for the DirectoryEntry. You can't go
       straight from NTAccount.

       Joe K.
       --
       Joe Kaplan-MS MVP Directory Services Programming
       Co-author of "The .NET Developer's Guide to Directory Services Programming"
       http://www.directoryprogramming.net
       --
       "Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
       news:A6F84194-09D4-4176-8F2C-C41441B141F5@xxxxxxxxxxxxxxxx

              Hi Joe,
              Is there any way to convert the NTAccount type to a DirectoryEntry so I can
              extract the user's property of its path in .net 2?
              IADsNameTranslate requires domain name so that won't work. I don't know how
              to call DsCrackNames from my C# windows application. PInvoke?
              Thank you.
              --
              Thanks.


              "Joe Kaplan" wrote:


                      I think you need to call DsCrackNames for this. You could also use
                      IADsNameTranslate as a wrapper.

                      Joe K.
                      --
                      Joe Kaplan-MS MVP Directory Services Programming
                      Co-author of "The .NET Developer's Guide to Directory Services Programming"
                      http://www.directoryprogramming.net
                      --
                      "Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
                      news:08291BDB-82EB-4CB5-BDDC-81E1AE95CA1B@xxxxxxxxxxxxxxxx

                              On the 2nd thought, actually, I don't think I can use the
                              DirectorySearcher because this domain could be from another forest.

                              Besides the Domain sid, I also have the user sid. When I convert the
                              user sid to NTAccount and get the name, it only provides the 1st part
                              of the domain name /user name. It doesn't give me the full domain
                              name. For example, xxx.yyy.zzz and userA is the user name it would
                              give me "xxx/userA".

                              Is there any way for me to get the full domain name of a domain from
                              any forest using either the domain sid or user sid? Thank you.
                              --
                              Thanks.


                            "Joe Kaplan" wrote:


                                    Can you create a SecurityIdentifier and then call Translate on it
                                    to get an NTAccount? I haven't tried that with a domain SID.

                                    Otherwise, you might have to search for the object by its SID
                                    with an LDAP query (which should be pretty easy too).

                                    Joe K.
                                    --
                                    Joe Kaplan-MS MVP Directory Services Programming
                                    Co-author of "The .NET Developer's Guide to Directory Services Programming"
                                    http://www.directoryprogramming.net
                                    --
                                    "Pucca" <Pucca@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
                                    news:2CC18153-7BC1-4DE8-8068-E3700E279BD5@xxxxxxxxxxxxxxxx

                                           This domain could be in my current forest or in a foreign
                                           forest. The DirectoryContext requires domain name but I
                                           only have the domain sid. How can I do this in .net 2,
                                           vs2005, using C# for a windows application? Thank you.
                                           --
                                           Thanks.
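
An added example, not part of the original thread and not Joe Kaplan's code: one way to do what the replies describe, building the ADsPath from the SID with the <SID=...> DN syntax and deriving the full domain name from the object's distinguishedName. The names SidLookup, GetDnsDomainName and DnsNameFromDn are hypothetical, and the code assumes a reachable DC in the caller's domain that accepts the S-1-... string form of the SID.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;      // reference System.DirectoryServices.dll
using System.Security.Principal;

public static class SidLookup        // hypothetical helper, not from the thread
{
    // Binds to the object that owns the SID and returns its DNS domain name,
    // e.g. "xxx.yyy.zzz", built from the DC= parts of distinguishedName.
    public static string GetDnsDomainName(string sddlSid)
    {
        // Parsing first rejects anything that is not a well-formed SID, so
        // raw caller input is never concatenated into the ADsPath.
        SecurityIdentifier sid = new SecurityIdentifier(sddlSid);

        // Serverless bind: ADSI locates a DC for the caller's own domain.
        // Assumption: that DC accepts the string form of <SID=...>.
        string path = "LDAP://<SID=" + sid.Value + ">";
        using (DirectoryEntry entry = new DirectoryEntry(path))
        {
            // The bind happens here; a COMException is thrown when the SID
            // cannot be found or no trust path leads to its domain.
            string dn = (string)entry.Properties["distinguishedName"].Value;
            return DnsNameFromDn(dn);
        }
    }

    // Collects the trailing DC= components of a DN, reading right to left.
    public static string DnsNameFromDn(string dn)
    {
        List<string> labels = new List<string>();
        int end = dn.Length;
        while (end > 0)
        {
            int comma = dn.LastIndexOf(',', end - 1);
            string rdn = dn.Substring(comma + 1, end - comma - 1).Trim();
            // An odd number of backslashes before the comma means the comma
            // is escaped and belongs to the previous RDN's value.
            int slashes = 0;
            for (int i = comma - 1; i >= 0 && dn[i] == '\\'; i--) slashes++;
            if (slashes % 2 == 1 ||
                !rdn.StartsWith("DC=", StringComparison.OrdinalIgnoreCase))
                break;
            labels.Insert(0, rdn.Substring(3));
            end = comma;
        }
        return string.Join(".", labels.ToArray());
    }
}
```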



