RE: [ActiveDir] Sid to Group Name

[joe]

Well maybe...

How long ago was it deleted? If it is less than the tombstone period you may
be able to find the group in the deleted items container. 

You could use adfind to find it 

The command would be

Adfind -showdel -default -binenc -f "objectsid={{SID:}}"


Not sure what the command structure would be for ldifde or dsquery to do
this  ;o)


  joe



Sort of like

V:\>adfind -showdel -default -binenc -f
"objectsid={{SID:S-1-5-21-1275210071-789336058-1957994488-218356}}"

AdFind V01.26.00cpp Joe Richards ([EMAIL PROTECTED]) January 2005

Transformed Filter:
objectsid=\01\05\00\00\00\00\00\05\15\00\00\00W\29\02L\FAO\0C\2F\F8\9F\B4t\F
4T\03\00
Using server: w2kasdc1.joehome.com
Directory: Windows 2000
Base DN: DC=joehome,DC=com

dn:CN=testgroupdelete\0ADEL:4eafc658-0600-4328-a7e3-a923692f62d9,CN=Deleted
Objects,DC=joehome,DC=com
>cn: testgroupdelete\0ADEL:4eafc658-0600-4328-a7e3-a923692f62d9
>groupType: -2147483646
>instanceType: 4
>isDeleted: TRUE
>distinguishedName:
CN=testgroupdelete\0ADEL:4eafc658-0600-4328-a7e3-a923692f62d9,CN=Deleted
Objects,DC=joehome,DC=com
>objectClass: top
>objectClass: group
>objectGUID: {4EAFC658-0600-4328-A7E3-A923692F62D9}
>objectSid: S-1-5-21-1275210071-789336058-1957994488-218356
>name: testgroupdelete\0ADEL:4eafc658-0600-4328-a7e3-a923692f62d9
>sAMAccountName: testgroupdelete
>uSNChanged: 1285863
>uSNCreated: 1285860
>whenChanged: 20050127184048.0Z
>whenCreated: 20050127184046.0Z


1 Objects returned


The command completed successfully.


 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of James Payne
Sent: Thursday, January 27, 2005 1:26 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Sid to Group Name

Excuse the ignorance here, but I have a problem that I don't know how to
solve.  I know the SID of a group that used to exist but no longer does.
Is there a way I can find out what that group name used to be?  Is this
information purged when the group is deleted?  Is there a tool that will use
the SID I have and tell me what group it is/was?

Single Windows 2000 Domain in Native Mode

Any help is greatly appreciated.

Thanks

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

RE: [ActiveDir] Sid to Group Name

[deji]

Since the account is gone, there is nothing to translate it to. Unless it is
one of the well-known (built-in) groups, I think you are SOL :)
 
 
Sincerely,

Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon



From: [EMAIL PROTECTED] on behalf of James Payne
Sent: Thu 1/27/2005 10:26 AM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Sid to Group Name



Excuse the ignorance here, but I have a problem that I don't know how to
solve.  I know the SID of a group that used to exist but no longer does.
Is there a way I can find out what that group name used to be?  Is this
information purged when the group is deleted?  Is there a tool that will
use the SID I have and tell me what group it is/was?

Single Windows 2000 Domain in Native Mode

Any help is greatly appreciated.

Thanks

List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/