Re: AD Query based on SID
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 24 Oct 2006 10:59:18 -0500
If you need it, the LDAP query syntax for a user based on SID is:
(objectSid=S-1-5-21-xxxxxx)
That works in AD 2003 and ADAM. If you are stuck on AD 2000, you must
specify the SID as an octet string which is a bit of a pain. Let me know if
that's important and I'll show you how.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"Mel" <Mel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:754B53EF-2959-497A-9D3E-F79B69BA443E@xxxxxxxxxxxxxxxx
Irwin,
Thanks...I try to always ask the group before deleting anything like
accounts. Also, I saw a post back on 08/16/2006 ("Lookup account based on
SID") with a similar question. I downloaded those tools and performed the
searches and at least discovered the domains and in fact the account had
been
deleted.
thank you for the verification,
Mel
"Irwin, MCSE,MCDBA,MCT" wrote:
Hi Mel,
From my experience, if you only can find SID without user account name,
meaning that account already deleted. So you can remove it safely from
the
security permission list.
"Mel" wrote:
Hi,
I am looking for a an xml query to import in ADUC to query a user based
on
the SID. I have the SID, but I don't know the user. This SID shows up
on
the security tab on some folders but there is no "name
resolution/recognition" (apologize for the possible incorrect jargon)
to the
SID.
I would like to remove the SID from the list of accounts (security),
but
would prefer to know which object it is before removing (or not).
thanks,
Mel
.
- Follow-Ups:
- Re: AD Query based on SID
- From: Mel
- Re: AD Query based on SID
- Prev by Date: Re: FSMO Role Seizures for DR Testing?
- Next by Date: Re: Restore AD on stand alone server
- Previous by thread: Which GPO is applied
- Next by thread: Re: AD Query based on SID
- Index(es):
Relevant Pages
|
Loading
