Re: I need the SID for all the computer accounts in AD!!

Tech-Archive recommends: Speed Up your PC by fixing your registry

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 3 Jun 2008 11:40:54 -0500

---

"Gabe" <gbouck@xxxxxxxxx> wrote in message
news:48905529-acd3-46ac-bb11-11c5b5a2163c@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Anybody?? I just can't seem to figure it out. If someone could lead me
in the right direction, that'd be great!!


Thanks!

You can use ADO to retrieve the value of the objectSID attribute of all
computers objects in AD. The objectSID attribute is a byte array, so I use
functions to convert first to a hex string, then into a decimal string. For
example:
=============
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes

Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strComputer

Dim strDN, strHexSid, strDecSid



' Setup ADO objects.

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection



' Search entire Active Directory domain.

Set objRootDSE = GetObject("LDAP://RootDSE";)

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://"; & strDNSDomain & ">"


' Filter on computer objects.
strFilter = "(objectCategory=computer)"



' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,sAMAccountName,objectSID



' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False



' Run the query.
Set adoRecordset = adoCommand.Execute


' Enumerate the resulting recordset.
Do Until adoRecordset.EOF

' Retrieve values and display.
strComputer = adoRecordset.Fields("sAMAccountName").Value

strDN = adoRecordset.Fields("distinguishedName").value

strHexSid = OctetToHexStr(adoRecordset.Fields("objectSid").Value)

strDecSid = HexStrToDecStr(strHexSid)

Wscript.Echo strDN & " (" & strComputer & ")," & strDecSid

' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop



' Clean up.

adoRecordset.Close

adoConnection.Close



Function OctetToHexStr(arrbytOctet)
' Function to convert OctetString (Byte Array) to a hex string.
Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
Next
End Function

Function HexStrToDecStr(strSid)
Dim arrbytSid, lngTemp, j

ReDim arrbytSid(Len(strSid)/2 - 1)
For j = 0 To UBound(arrbytSid)
arrbytSid(j) = CInt("&H" & Mid(strSid, 2*j + 1, 2))
Next

HexStrToDecStr = "S-" & arrbytSid(0) & "-" _
& arrbytSid(1) & "-" & arrbytSid(8)

lngTemp = arrbytSid(15)
lngTemp = lngTemp * 256 + arrbytSid(14)
lngTemp = lngTemp * 256 + arrbytSid(13)
lngTemp = lngTemp * 256 + arrbytSid(12)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(19)
lngTemp = lngTemp * 256 + arrbytSid(18)
lngTemp = lngTemp * 256 + arrbytSid(17)
lngTemp = lngTemp * 256 + arrbytSid(16)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(23)
lngTemp = lngTemp * 256 + arrbytSid(22)
lngTemp = lngTemp * 256 + arrbytSid(21)
lngTemp = lngTemp * 256 + arrbytSid(20)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(25)
lngTemp = lngTemp * 256 + arrbytSid(24)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

End Function
==========

Note that this is the value of the objectSID attribute of the computer
object in AD. This is not the SID of the local SAM account database. A
similar program can retrieve that value, but must connect to every computer
remotely. This can be slow and some computers may not be available. Reply if
you need this. I posted a program to retrieve the local SID of all computers
a few days ago.


--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

---

• Follow-Ups:
  • Re: I need the SID for all the computer accounts in AD!!
    • From: Gabe

• References:
  • I need the SID for all the computer accounts in AD!!
    • From: Gabe

• Prev by Date: Re: SP3 and IE7 bug?
• Next by Date: Re: Interactive local logon script
• Previous by thread: I need the SID for all the computer accounts in AD!!
• Next by thread: Re: I need the SID for all the computer accounts in AD!!
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: I need the SID for all the computer accounts in AD!! ... You can use ADO to retrieve the value of the objectSID attribute of all ... ' Comma delimited list of attribute values to retrieve. ... Dim arrbytSid, lngTemp, j ... This can be slow and some computers may not be available. ... (microsoft.public.scripting.vbscript) Re: Retrieve information of a remote machine in vbscript ... It's possible to retrieve information like Operating System ... I have catched the examples in the Script Center and in Hey, ... administrator on the remote computers (Domain Admins is a member of the ... (microsoft.public.scripting.vbscript) Encrypted file system / web server usage. ... A friend wants to store some documents so that he can retrieve them ... Is there any way data can be stored on a web server such that even if ... He is quite happy to dedicate the task to multiple computers. ... (comp.sys.sun.admin) Re: Security/ password problem ... >I use Outlook Express 6 on computers at client offices that I use. ... > configure the mail accounts property not to remember the password. ... > program still is able to retrieve my mails. ... how do I force it to prompt for a password ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Scripting  > microsoft.public.scripting.vbscript  > 2008-06