RE: [ActiveDir] LDAP query on ObjectSID attribute
42? :op

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, September 02, 2003 4:39 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

-g
Gil Kirkpatrick
CTO, NetPro

-----Original Message-----
From: AD [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 25, 2003 1:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Would love to get is book. Not available from Chapters. ISBN #0672315874. Do you have an extra copy you would like to sell?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Monday, August 25, 2003 1:03 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Hey Joe,

Wow, thanks for the compliment dude.

Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI.

-g
Gil Kirkpatrick
CTO, NetPro

-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 23, 2003 7:46 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

This is an adsi thing and is called a SID Bind, you can also do a GUID bind in a similar manner.

If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op

joe

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of AD
Sent: Friday, August 22, 2003 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it.

Thanks
Y

From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this:

Base DN Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID?

My query looks like this:

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344))

Doesn't return anything. I know the sid must converted but I am not sure what format it should be in.

Thanks
Y

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
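Joe's reply quoted in the message above says that a search through the raw LDAP API needs the SID encoded back into an octet string. The Python below is an added example, not code from anyone on the list: it performs that encoding and builds the escaped objectSid filter clause. The domain SID is a constructed sample, and the function names are this example's own.

```python
import struct

MAX_SUBAUTHS = 15  # Windows limit on sub-authorities in one SID

# Constructed sample domain SID for illustration; not taken from the thread.
CONSTRUCTED_SID = "S-1-5-21-1004336348-1177238915-682003330-1105"


def _dec(field: str, what: str) -> int:
    """Parse one dash-separated SID field as an unsigned decimal integer."""
    if not (field.isascii() and field.isdigit()):
        raise ValueError(f"{what} is not a decimal number: {field!r}")
    return int(field)


def sid_to_bytes(sid: str) -> bytes:
    """Encode a string SID (S-1-<authority>-<sub1>-...) as the binary
    value stored in the objectSid attribute."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError(f"not a string SID: {sid!r}")
    revision = _dec(parts[1], "revision")
    authority = _dec(parts[2], "identifier authority")
    subs = [_dec(p, "sub-authority") for p in parts[3:]]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if authority >= 1 << 48:
        raise ValueError("identifier authority does not fit in 48 bits")
    if len(subs) > MAX_SUBAUTHS:
        raise ValueError("too many sub-authorities")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then every
    # sub-authority as a 32-bit little-endian integer.
    return (struct.pack("BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back to its string form."""
    if len(raw) < 8:
        raise ValueError("binary SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match the sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:])
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def escape_octets(raw: bytes) -> str:
    """LDAP filter escaping (RFC 4515): each byte as backslash + two hex digits."""
    return "".join(f"\\{b:02x}" for b in raw)


def objectsid_filter(sid: str) -> str:
    """Build the filter clause that matches one object by its SID."""
    return f"(objectSid={escape_octets(sid_to_bytes(sid))})"


if __name__ == "__main__":
    # S-1-5-32-544 is the well-known BUILTIN\Administrators SID.
    for s in ("S-1-5-32-544", CONSTRUCTED_SID):
        print(s, "->", objectsid_filter(s))
    # The string from the original question is not in S-1-... form.
    try:
        sid_to_bytes("S15-2-4-341234134123412432412344")
    except ValueError as exc:
        print("rejected:", exc)
```

The returned clause can be used as the search filter on its own or ANDed with other terms such as the (ObjectCategory=user) clause from the original query.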
RE: [ActiveDir] LDAP query on ObjectSID attribute
Ok next question please ... :D something more "world wide" for us that live in the far corners of the earth

From: Jan Wilson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 03, 2003 2:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] LDAP query on ObjectSID attribute

>>> We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

>>And a hard question might be???

name the prime minister of Canada
Re: [ActiveDir] LDAP query on ObjectSID attribute
>>> We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

>>And a hard question might be???

name the prime minister of Canada
RE: [ActiveDir] LDAP query on ObjectSID attribute
Right. Undercover Research. All that ever happens when *I* do that is another case of inadequacy and another month of therapy. ;p

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean Wells
Sent: Tuesday, September 02, 2003 6:47 PM
To: AD mailing list (Send)
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Did you make that one up or are you doing some undercover research? :)

--
Dean Wells
MSEtechnology
Tel: +1 (954) 501-4307
Email: dwells@msetechnology.com
http://msetechnology.com
RE: [ActiveDir] LDAP query on ObjectSID attribute
Did you make that one up or are you doing some undercover research? :)

--
Dean Wells
MSEtechnology
Tel: +1 (954) 501-4307
Email: dwells@msetechnology.com
http://msetechnology.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gil Kirkpatrick
Sent: Tuesday, September 02, 2003 4:39 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

-g
Gil Kirkpatrick
CTO, NetPro
RE: [ActiveDir] LDAP query on ObjectSID attribute
And a hard question might be???

-----Original Message-----
From: Gil Kirkpatrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 02, 2003 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

-g
Gil Kirkpatrick
CTO, NetPro
RE: [ActiveDir] LDAP query on ObjectSID attribute
We're giving a couple of them away at DEC Ottawa. So all you need to do is show up, answer a ridiculously easy question (e.g. how many CPU clocks are in the best case, non-error instruction path on a DC performing a non-SSL base level search of an existing directory object?), and you get a free book.

-g
Gil Kirkpatrick
CTO, NetPro

-----Original Message-----
From: AD [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 25, 2003 1:45 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Would love to get is book. Not available from Chapters. ISBN #0672315874. Do you have an extra copy you would like to sell?
RE: [ActiveDir] LDAP query on ObjectSID attribute
Basically you can do searches in LDP using a DN, GUID or SID as the Base DN (GUIDs and SIDs need to be surrounded by or as in Joe’s example below) – really useful in “Account Unknown” scenarios in the ACL Editor to translate the SID shown to an actual group or user object. I believe that this works simply by searching first for the object with that specific GUID or SID and then binding to this object, rather than a container as will normally occur in a search – but that could be wrong :)

You could also use it to keep track of any renamed or moved security principals (SID) or any object in the directory which may be renamed or moved (GUID)

As Joe alluded to, you can actually bind directly to an object using its SID or GUID using ADSI as well – use GetObject(“LDAP://”) or GetObject(“LDAP://”)

HTH

Cheers
Dave
RE: [ActiveDir] LDAP query on ObjectSID attribute
You know after rereading this thread I realize that they weren't doing a SID BIND... They were doing a Search with a BASEDN of a SID. That isn't something I have seen... I saw the formatting of the string and associated it with a SID Bind and went on my merry way...

So I am now wondering all sorts of things... Not that doing a base dn of a SID will be extremely useful or at least I can't see it as such except for maybe for vbscript or other script languages that don't support decent LDAP search calls and you have to muck around in ADO.

So the SID Bind part I was talking about is part of ADSI, the SID BaseDN thing is I don't know what though I wonder if LDP just changes it to a direct Bind. I guess it would take a network trace of it going to see what it really ends up doing. If my lab wasn't in complete disarray right now I would take a swing at that. However it is and I ain't... No research in this lab until I can flop down in the bean bag couch on the floor with my books and connect to the world via High Speed... I hate dialup. (Note Read this slowly so my 26.4k connection doesn't stumble...).

joe

-----Original Message-----
From: Joe [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 25, 2003 5:15 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

No problem, you wrote the good book, I simply mention it.

SID Bind is like the GUID bind using the LDAP provider of ADSI. Only part of ADSI 2.5+ I believe. I am not the big consumer of ADSI, just recall running into it several times, google for "LDAP://
RE: [ActiveDir] LDAP query on ObjectSID attribute
OK - that's what I was looking for. Confirmed that to be the case, so I'm good with this conclusion, too.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Murray
Sent: Tuesday, August 26, 2003 9:37 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Rick

Hopefully this should clarify things (although given my previous form, it's only likely to confuse everyone even more :-)).

1. LDP can be any version.
2. Doesn't matter what OS LDP is running on.
3. The LDAP connection MUST be to a Windows Server 2003 DC.
4. The LDAP connection MUST NOT be to a Windows 2000 DC, even if the 2003 AD schema extensions are in place.
5. The forest and domain functional levels are irrelevant.

Tony

-- Original Message --
From: "Rick Kingslan" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 26 Aug 2003 09:04:48 -0500

Now I'm getting confused. Tony, are you saying that yes - in fact, it should and DOES work for you regardless of version (LDP and OS)

OR

Yes, it does work, regardless of version (of LDP), but only if the Schema has been updated to the versions of Windows 2003?

Maybe this clarification will help.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Murray
Sent: Tuesday, August 26, 2003 7:12 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000.

Tony

-- Original Message --
From: "Jimmy Andersson" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Mon, 25 Aug 2003 21:23:23 +0200

I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients.

Note-to-self, include the LDP version in the future. :)

Glad you got it working!

Regards,
/Jimmy
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of AD
Sent: Monday, August 25, 2003 8:53 PM
To: [EMAIL PROTECTED]

Rick,

You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other.

Thanks
Yves

____
From: Rick Kingslan
Sent: Mon 25/08/2003 1:07 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Jimmy,

What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error.

Rick Kingslan MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jimmy Andersson
Sent: Monday, August 25, 2003 9:51 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I've tried it again and again With different SIDs on existing objects, and it works every time for me.

Regards,
/Jimmy
Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of AD
Sent: Monday, August 25, 2003 4:02 PM
To: [EMAIL PROTECTED]

Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user.

Thanks
Y

________________
From: Jimmy Andersson
Sent: Fri 22/08/2003 5:03 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Set it like this:

Base DN Filter (&(ObjectCategory=*)(name=*))

Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'R
RE: [ActiveDir] LDAP query on ObjectSID attribute
Rick

Hopefully this should clarify things (although given my previous form, it's only likely to confuse everyone even more :-)).

1. LDP can be any version.
2. Doesn't matter what OS LDP is running on.
3. The LDAP connection MUST be to a Windows Server 2003 DC.
4. The LDAP connection MUST NOT be to a Windows 2000 DC, even if the 2003 AD schema extensions are in place.
5. The forest and domain functional levels are irrelevant.

Tony

-- Original Message -- From: "Rick Kingslan" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Tue, 26 Aug 2003 09:04:48 -0500

Now I'm getting confused. Tony, are you saying that yes - in fact, it should and DOES work for you regardless of version (LDP and OS) OR Yes, it does work, regardless of version (of LDP), but only if the Schema has been updated to the versions of Windows 2003? Maybe this clarification will help.

Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, August 26, 2003 7:12 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000.

Tony

-- Original Message -- From: "Jimmy Andersson" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Aug 2003 21:23:23 +0200

I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working!
Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. 
Thanks Y ____________ From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
RE: [ActiveDir] LDAP query on ObjectSID attribute
Now I'm getting confused. Tony, are you saying that yes - in fact, it should and DOES work for you regardless of version (LDP and OS) OR Yes, it does work, regardless of version (of LDP), but only if the Schema has been updated to the versions of Windows 2003? Maybe this clarification will help. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, August 26, 2003 7:12 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000. Tony -- Original Message -- From: "Jimmy Andersson" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Aug 2003 21:23:23 +0200 I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. 
I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). 
In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2
RE: [ActiveDir] LDAP query on ObjectSID attribute
Cool, haven't tried the earlier version for this task. Thanks Tony! BTW - hope you're doing well! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tony Murray Sent: Tuesday, August 26, 2003 2:12 PM To: [EMAIL PROTECTED] Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000. Tony -- Original Message -- From: "Jimmy Andersson" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Aug 2003 21:23:23 +0200 I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. 
Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y ____ From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). 
In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a sea
RE: [ActiveDir] LDAP query on ObjectSID attribute
Actually, it looks like the LDP version doesn't matter, both v3.0 and the earlier one will work. The point is that the LDAP connection must be to a Windows Server 2003 DC. The domain and forest functionality can still be Windows 2000. Tony -- Original Message -- From: "Jimmy Andersson" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Mon, 25 Aug 2003 21:23:23 +0200 I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. 
Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. 
The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query
RE: [ActiveDir] LDAP query on ObjectSID attribute
Amazon.com 27.99. A steal at twice the price.

http://www.amazon.com/exec/obidos/ASIN/0672315874/qid%3D1061860412/sr%3D11-1/ref%3Dsr%5F11%5F1/002-8721134-8383232

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Would love to get is book. Not available from Chapters. ISBN #0672315874. Do you have an extra copy you would like to sell?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, August 25, 2003 1:03 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Hey Joe, Wow, thanks for the compliment dude. Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI.

-g Gil Kirkpatrick CTO, NetPro

-Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Saturday, August 23, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

This is an adsi thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op joe

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y

From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted.

Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344)) Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in. Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Would love to get is book. Not available from Chapters. ISBN #0672315874. Do you have an extra copy you would like to sell?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, August 25, 2003 1:03 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Hey Joe, Wow, thanks for the compliment dude. Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI.

-g Gil Kirkpatrick CTO, NetPro

-Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Saturday, August 23, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

This is an adsi thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op joe

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y

From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted.

Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344)) Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in. Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
No problem, you wrote the good book, I simply mention it. SID Bind is like the GUID bind using the LDAP provider of ADSI. Only part of ADSI 2.5+ I believe. I am not the big consumer of ADSI, just recall running into it several times, google for "LDAP://

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, August 25, 2003 1:03 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Hey Joe, Wow, thanks for the compliment dude. Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI.

-g Gil Kirkpatrick CTO, NetPro

-Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Saturday, August 23, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

This is an adsi thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op joe

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y

From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted.

Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344)) Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in. Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
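Joe's point in the thread, that a search through the plain LDAP API needs the SID encoded back into an octet string, worked through as an added example (not code from the thread or from any list member). The function names are this example's own; the SIDs are the well-known Builtin Administrators SID and a constructed domain SID, and `<SID=...>` is the bracketed base form the thread refers to, assumed here because the literal value did not survive in the archive.

```python
import re
import struct

# Textual SID: S-<revision>-<identifier authority>-<sub-authority>...
# Revision is always 1; a SID carries between 1 and 15 sub-authorities.
_SID_RE = re.compile(r"^S-1-([0-9]+)((?:-[0-9]+){1,15})$")


def sid_to_bytes(sid: str) -> bytes:
    """Encode a textual SID into the binary layout stored in objectSid."""
    m = _SID_RE.match(sid.strip().upper())
    if not m:
        # The query in the thread ("S15-2-4-...") fails here: dashes missing.
        raise ValueError("not a well-formed SID string: %r" % sid)
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).split("-")[1:]]
    if authority >= 1 << 48:
        raise ValueError("identifier authority does not fit in 48 bits")
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    # 1 byte revision, 1 byte count, 6 bytes authority (big-endian),
    # then each sub-authority as a 32-bit little-endian integer.
    header = struct.pack(">BB", 1, len(subs)) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back into its textual form."""
    if len(raw) < 8 or raw[0] != 1:
        raise ValueError("not a revision-1 SID")
    count = raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "S-1-%d" % authority + "".join("-%d" % s for s in subs)


def objectsid_filter(sid: str) -> str:
    """Build an LDAP filter matching objectSid by its binary value.

    Every byte is written as a backslash plus two hex digits, the LDAP
    filter escape for arbitrary octets, so no byte can be read as filter
    syntax.
    """
    escaped = "".join("\\%02x" % b for b in sid_to_bytes(sid))
    return "(objectSid=%s)" % escaped


def sid_base_dn(sid: str) -> str:
    """Return the bracketed SID form used as a search base (assumed form)."""
    sid_to_bytes(sid)  # validate first; raises ValueError on bad input
    return "<SID=%s>" % sid.strip().upper()


if __name__ == "__main__":
    builtin_admins = "S-1-5-32-544"                                   # well-known
    constructed = "S-1-5-21-1111111111-2222222222-3333333333-1105"   # constructed
    for s in (builtin_admins, constructed):
        print(s)
        print("  filter :", objectsid_filter(s))
        print("  base DN:", sid_base_dn(s))
    try:
        sid_to_bytes("S15-2-4-341234134123412432412344")  # value from the thread
    except ValueError as exc:
        print("rejected:", exc)
```

The filter string is passed to the search call of whatever LDAP library is in use, with the domain naming context as the base; validating the SID before building either string also keeps untrusted input out of the filter.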
RE: [ActiveDir] LDAP query on ObjectSID attribute
Props to Gil, too. Noted that he asked the same question. Don't want anyone to go without due credit (sucking up for smarta$$ South-West comments at Gil and Roger's expense.) Best part is - Roger is getting dissed and isn't even here yet to defend himself yet. But, then - he doesn't know us yet. We don't care if you're here on or. Flame on! >:-)

Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 1:53 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves

From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error.

Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

I've tried it again and again With different SIDs on existing objects, and it works every time for me.

Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED]

Can anyone test the following instructions from Jimmy and let me know if it worked for you?
I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ____ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. 
Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Direct
RE: [ActiveDir] LDAP query on ObjectSID attribute
I know, and I posted it some time ago but it hasn't showed up on the list yet... I use LDP 3.0 in all my 'Inside AD' classes and it works perfect for all my students and clients. Note-to-self, include the LDP version in the future. :) Glad you got it working! Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 8:53 PM To: [EMAIL PROTECTED] Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick Kingslan Sent: Mon 25/08/2003 1:07 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. 
Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. 
Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -
RE: [ActiveDir] LDAP query on ObjectSID attribute
Rick, You found the solution to my problem. LDP version 3.0 worked flawlessly. Jimmy's solution will not work with any other. Thanks Yves From: Rick KingslanSent: Mon 25/08/2003 1:07 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. 
You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ____________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? 
My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
I use LDP version 3.0. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gil Kirkpatrick Sent: Monday, August 25, 2003 6:53 PM To: '[EMAIL PROTECTED]' AFIK, the SID syntax is not part of the LDAP interface... So it is likely that it is supported by code inside LDP. What versions of LDP are you all using? That might be why it works for some people and not others. -g Gil Kirkpatrick CTO, NetPro -Original Message- From: Jimmy Andersson [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 7:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. 
You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ____________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? 
My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Jimmy, What version of OS and version of LDP are you doing this on? I can't get it to work either - and I'm using the Builtin Group SIDS. I would suspect that I should get a consistent return on those, but I'm getting a BAD_NAME error. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jimmy Andersson Sent: Monday, August 25, 2003 9:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. 
You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ____________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? 
My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Hey Joe, Wow, thanks for the compliment dude. Is the SID bind part of the ADSI ADsPath syntax, or is it something supported in LDP? I haven't seen it before as part of ADSI. -g Gil Kirkpatrick CTO, NetPro
-Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Saturday, August 23, 2003 7:46 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
This is an ADSI thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op joe
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y
From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED]
Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344)) Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.
Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
I've tried it again and again With different SIDs on existing objects, and it works every time for me. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Monday, August 25, 2003 4:02 PM To: [EMAIL PROTECTED] Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy Andersson Sent: Fri 22/08/2003 5:03 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. 
Thanks Y ____________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. 
Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Can anyone test the following instructions from Jimmy and let me know if it worked for you? I can't seem to get it to work. I am not searching on a deleted SID. I am searching on an existing sid that I cut and paste from an existing user. Thanks Y From: Jimmy AnderssonSent: Fri 22/08/2003 5:03 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. 
If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
This is an ADSI thing and is called a SID Bind, you can also do a GUID bind in a similar manner. If you are using LDAP API instead of ADSI you need to encode the sid back into an octet string and do the search with it. Check out Gil Kirkpatrick's Programming Active Directory as he has some good info on this type of schtuff. Actually if you are doing any AD programming, get that book. Gil rocks. :op joe
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:27 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y
From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute
Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com --
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED]
Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344)) Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in. Thanks Y
List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
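The octet-string encoding Joe refers to for plain LDAP API callers, as an added example that is not part of any post in this thread. It assumes the standard Windows binary SID layout (revision byte, sub-authority count, 6-byte big-endian authority, 32-bit little-endian sub-authorities) and RFC 4515 filter escaping; the function names are hypothetical, the domain SID is constructed, and only decimal authority values are accepted.

```python
import re
import struct

# String SID: S-1-<authority>-<sub-authority>[-<sub-authority>...], revision is always 1.
_SID_RE = re.compile(r"S-1-(\d+)((?:-\d+){1,15})", re.IGNORECASE)


def sid_to_bytes(sid: str) -> bytes:
    """Pack a string SID into the binary form stored in objectSid."""
    m = _SID_RE.fullmatch(sid.strip())
    if m is None:
        # Catches pasted values with the hyphens missing, as in the thread.
        raise ValueError(f"not a string SID (expected S-1-...): {sid!r}")
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2).split("-")[1:]]
    if authority >= 1 << 48 or any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"SID component out of range: {sid!r}")
    return (
        bytes([1, len(subs)])                    # revision, sub-authority count
        + authority.to_bytes(6, "big")           # identifier authority
        + b"".join(struct.pack("<I", s) for s in subs)
    )


def bytes_to_sid(raw: bytes) -> str:
    """Decode a binary objectSid value back to its string form."""
    if len(raw) < 8 or raw[0] != 1 or not 1 <= raw[1] <= 15:
        raise ValueError("malformed binary SID")
    if len(raw) != 8 + 4 * raw[1]:
        raise ValueError("binary SID length does not match its sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S-1", str(authority), *map(str, subs)])


def escape_octets(raw: bytes) -> str:
    """RFC 4515 escaping: every byte becomes a backslash and two hex digits."""
    return "".join(f"\\{b:02x}" for b in raw)


def objectsid_filter(sid: str) -> str:
    """Build the filter term that matches one object by its SID."""
    return f"(objectSid={escape_octets(sid_to_bytes(sid))})"


def sid_search_base(sid: str) -> str:
    """Build the bracketed search base the thread describes for LDP."""
    sid_to_bytes(sid)  # validate before handing the string to the directory
    return f"<SID={sid.strip()}>"


if __name__ == "__main__":
    builtin_admins = "S-1-5-32-544"  # well-known BUILTIN\Administrators SID
    constructed = "S-1-5-21-1111111111-2222222222-3333333333-1104"  # constructed sample
    for sid in (builtin_admins, constructed):
        print(sid)
        print("  filter:", f"(&(objectCategory=user){objectsid_filter(sid)})")
        print("  base  :", sid_search_base(sid))
    # Values in the shape posted in the thread are rejected before any query is sent.
    for bad in ("S15A913838F5E5A9AABF22742D54F69", "S15-2-4-341234134123412432412344"):
        try:
            sid_to_bytes(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

Because the filter matches on the raw bytes, the string form of the SID placed directly in a filter value is compared as literal text and does not match.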
RE: [ActiveDir] LDAP query on ObjectSID attribute
Set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) Don't forget the '<' and '>' on the SID, you might also need to put in the '-' symbol within the SID itself. Also you might need to check in the control 'Return deleted objects' if the object exist in the Deleted Object container. You'll find the controls in Search - Options - Controls. You also might need to Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 9:58 PM To: [EMAIL PROTECTED] Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y ________ From: Tony Murray Sent: Fri 22/08/2003 10:02 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. 
Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Tony, I clicked on Browse and then Search in LDP. The little window comes up. (I actually used bind first). In the base DN field I typed in "SID=S15A913838F5E5A9AABF22742D54F69" In the Filter field I type in "(&(ObjectCategory=*))" My scope is set to Subtree. I clicked on Run. The ObjectSID was a cut and paste from my attribute. I does not return anything. What am I doing wrong here? I tried SID=, objectSID=, GUID=,objectGIUD=. Any help would be appreciated. Thanks Y From: Tony MurraySent: Fri 22/08/2003 10:02 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below. Tony -- Original Message -- From: AD <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Fri, 22 Aug 2003 09:26:36 -0400 I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. 
Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
I use the SID as the BaseDN. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 3:27 PM To: [EMAIL PROTECTED] I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it. Thanks Y From: Jimmy Andersson Sent: Thu 21/08/2003 7:34 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute Why not use LDP and set it like this: Base DN Filter (&(ObjectCategory=*)(name=*)) (I used a SID from my lab domain) You might need to load the control for deleted objects, if it's deleted. Regards, /Jimmy - Jimmy Andersson, Q Advice AB CEO & Principal Advisor Microsoft MVP - Active Directory -- www.qadvice.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Sent: Friday, August 22, 2003 12:35 AM To: [EMAIL PROTECTED] Anyone know how to query AD on the ObjectSID? My query looks like this: (&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-3412341341234124 32412344)) Doesn't return anything. I know the sid must converted but I am not sure what format it should be in. Thanks Y List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
It's not really using an attribute as your Base DN. The starting point for a search can be SID, GUID or DN. It works as Jimmy describes below.

Tony

-- Original Message --
From: AD <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Fri, 22 Aug 2003 09:26:36 -0400

I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it.

Thanks Y

From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this:

Base DN
Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
- Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this:

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344))

Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.

Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
I never heard of using an attribute as your BaseDN. If this worked for you I really would like to know how you did it.

Thanks Y

From: Jimmy Andersson
Sent: Thu 21/08/2003 7:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] LDAP query on ObjectSID attribute

Why not use LDP and set it like this:

Base DN
Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
- Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this:

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344))

Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.

Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] LDAP query on ObjectSID attribute
Why not use LDP and set it like this:

Base DN
Filter (&(ObjectCategory=*)(name=*))

(I used a SID from my lab domain)

You might need to load the control for deleted objects, if it's deleted.

Regards,
/Jimmy
- Jimmy Andersson, Q Advice AB
CEO & Principal Advisor
Microsoft MVP - Active Directory
-- www.qadvice.com --

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD
Sent: Friday, August 22, 2003 12:35 AM
To: [EMAIL PROTECTED]

Anyone know how to query AD on the ObjectSID? My query looks like this:

(&(ObjectCategory=user)(SamAccountName=*)(ObjectSID=S15-2-4-341234134123412432412344))

Doesn't return anything. I know the sid must be converted but I am not sure what format it should be in.

Thanks Y

List info : http://www.activedir.org/mail_list.htm
List FAQ: http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
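
Added example, not part of the thread or any poster's code: the two approaches discussed above, written in Python. It converts a string SID into the binary value stored in objectSid, writes that value as an escaped LDAP equality filter, and builds a SID-based search base. The `<SID=...>` syntax is Active Directory's alternative DN form rather than text recovered from the messages; the sample SID and the function names are constructed for illustration.

```python
import struct

def sid_to_bytes(sid: str) -> bytes:
    """Parse 'S-<rev>-<authority>-<sub>...' into the binary SID layout."""
    parts = sid.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a string SID: %r" % sid)
    if not all(p.isascii() and p.isdigit() for p in parts[1:]):
        raise ValueError("non-numeric SID component in %r" % sid)
    revision, authority, *subs = (int(p) for p in parts[1:])
    if revision != 1 or authority >= 1 << 48 or len(subs) > 15:
        raise ValueError("SID fields out of range: %r" % sid)
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority exceeds 32 bits: %r" % sid)
    # Layout: revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer.
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def bytes_to_sid(raw: bytes) -> str:
    """Render a binary SID back into its canonical string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("truncated or oversized binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def sid_filter(sid: str) -> str:
    """Equality filter on objectSid with every byte written as a \\XX escape."""
    escaped = "".join("\\%02x" % b for b in sid_to_bytes(sid))
    return "(objectSid=%s)" % escaped

def sid_base_dn(sid: str) -> str:
    """Search base in <SID=...> form; only a validated, canonical SID is emitted."""
    return "<SID=%s>" % bytes_to_sid(sid_to_bytes(sid))

# Constructed sample input: the well-known BUILTIN Administrators SID.
SAMPLE_SID = "S-1-5-32-544"

if __name__ == "__main__":
    print(sid_filter(SAMPLE_SID))
    print(sid_base_dn(SAMPLE_SID))
```

Because the string is parsed and re-serialized before it reaches the filter or the base, a malformed value fails with ValueError instead of being passed to the directory server.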