Props to Gil, too. Noted that he asked the same
question. Don't want anyone to go without due credit (sucking up for
smarta$$ South-West comments at Gil and Roger's
expense.....)
Best part is - Roger is getting dissed and isn't even here
yet to defend himself yet. But, then - he doesn't know us yet. We
don't care if you're here on or. Flame on!
>:-)
Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 1:53 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
Rick,
You found the solution to my problem. LDP
version 3.0 worked flawlessly. Jimmy's solution will not work with any
other.
Thanks
Yves
From: Rick Kingslan
Sent: Mon 25/08/2003 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
Jimmy,

What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. ????

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson
Sent: Monday, August 25, 2003 9:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I've tried it again and again.... With different SIDs on existing objects, and it works every time for me.

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Monday, August 25, 2003 4:02 PM
To: [EMAIL PROTECTED]

Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user.

Thanks
Y
________________________________
From: Jimmy Andersson
Sent: Fri 22/08/2003 5:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Set it like this:
Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))

Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exists in the Deleted Object container. You'll find the controls in Search - Options - Controls.
You also might need to

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 9:58 PM
To: [EMAIL PROTECTED]

Tony,

I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first).
In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69"
In the Filter field I type in "(&(ObjectCategory=*))"
My scope is set to Subtree.
I clicked on Run.
The ObjectSID was a cut and paste from my attribute.
It does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated.

Thanks
Y
________________________________
From: Tony Murray
Sent: Fri 22/08/2003 10:02 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below.

Tony

---------- Original Message ----------------------------------
From: AD <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Fri, 22 Aug 2003 09:26:36 -0400

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it.

Thanks
Y

From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this:
Base DN <SID=S-1-5-21-709049380-3306950797-3746505139>
Filter (&(ObjectCategory=*)(name=*))
(I used a SID from my lab domain)
You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
-------------------------------------
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
---------- www.qadvice.com ----------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this:
(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344))
Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.

Thanks
Y

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
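
Added example, not part of the original thread or any poster's code: the first question asks what format objectSid has to be in for a filter. The attribute holds the binary SID, so this sketch packs a string SID into that layout, writes it as RFC 4515 \XX escapes for a filter, and also builds the <SID=...> base DN form Jimmy describes. The function names are this example's own, and S-1-5-32-544 is the well-known BUILTIN\Administrators SID used as sample input.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Pack a string SID (S-R-A-S1-S2...) into the binary objectSid layout."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a string SID: {sid!r}")
    try:
        revision, authority, *subs = (int(p) for p in parts[1:])
    except ValueError:
        raise ValueError(f"non-numeric SID component in {sid!r}") from None
    if not (0 <= revision <= 0xFF and 0 <= authority < 1 << 48
            and len(subs) <= 15 and all(0 <= s <= 0xFFFFFFFF for s in subs)):
        raise ValueError(f"SID component out of range in {sid!r}")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value (as a search returns it) to a string SID."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("length does not match the sub-authority count")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    head = ["S", str(raw[0]), str(int.from_bytes(raw[2:8], "big"))]
    return "-".join(head + [str(s) for s in subs])

def sid_filter(sid: str, extra: str = "(objectCategory=*)") -> str:
    """Search filter on objectSid with every byte written as a \\XX escape."""
    escaped = "".join(f"\\{b:02x}" for b in sid_to_bytes(sid))
    return f"(&{extra}(objectSid={escaped}))"

def sid_base_dn(sid: str) -> str:
    """Base DN form from the thread: the string SID between '<SID=' and '>'."""
    # The round trip rejects malformed input before it reaches the directory.
    return f"<SID={bytes_to_sid(sid_to_bytes(sid))}>"

if __name__ == "__main__":
    admins = "S-1-5-32-544"  # well-known sample SID
    print(sid_to_bytes(admins).hex())
    print(sid_filter(admins))
    # SID quoted in the thread (Jimmy's lab domain)
    print(sid_base_dn("S-1-5-21-709049380-3306950797-3746505139"))
```

The value in the original query (S15-2-4-...) is rejected by sid_to_bytes because it does not start with the "S-" prefix, which is the kind of cut-and-paste damage worth catching before the search is sent.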