You
know after rereading this thread I realize that they weren't doing a SID BIND...
They were doing a Search with a BASEDN of a SID. That isn't something I have
seen... I saw the formatting of the string and associated it with a SID Bind and
went on my merry way... So I am now wondering all sorts of things... Not that
doing a base dn of a SID will be extremely useful or at least I can't see it as
such except for maybe for vbscript or other script languages that don't support
decent LDAP search calls and you have to muck around in ADO.
So the
SID Bind part I was talking about is part of ADSI, the SID BaseDN thing is I
don't know what though I wonder if LDP just changes it to a direct Bind. I guess
it would take a network trace of it going to see what it really ends up doing.
If my lab wasn't in complete disarray right now I would take a swing at that.
However it is and I ain't... No research in this lab until I can flop down in
the bean bag couch on the floor with my books and connect to the world via High
Speed... I hate dialup. (Note Read this slowly so my 26.4k connection
doesn't stumble...).
joe
-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Monday, August 25, 2003 5:15 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeNo problem, you wrote the good book, I simply mention it.SID Bind is like the GUID bind using the LDAP provider of ADSI. Only part of ADSI 2.5+ I believe. I am not the big consumer of ADSI, just recall running into it several times, google for "LDAP://<SID=" for code examples.-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick
Sent: Monday, August 25, 2003 1:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeHey Joe,Wow, thanks for the compliment dude.Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI.-gGil Kirkpatrick
CTO, NetPro-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]
Sent: Saturday, August 23, 2003 7:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeThis is an adsi thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :opjoe-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeI never heard of using an attribute as your BaseDN.If this worked for you I really would like to know how you did it.ThanksY
From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attributeWhy not use LDP and set it like this: Base DN <SID=S-1-5-21-709049380-3306950797-3746505139> Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy ------------------------------------- Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory ---------- www.qadvice.com ---------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
