Re: SID history

---

• From: "Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx>
• Date: Fri, 23 Mar 2007 19:20:17 -0400

---

LOL, that means nothing, I forgot half the stuff that went into it. ;)

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Laura E. Hunter [MVP] wrote:

Believe him, he wrote the tool. :-)

- Laura

"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message news:uPCn4iAbHHA.4772@xxxxxxxxxxxxxxxxxxxxxxx

Quick correction, you don't need -binenc to display the SIDs in friendly format, it will just do that. That switch is so you can encode the friendly versions into binary when you want to query on a specific SID.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Laura E. Hunter [MVP] wrote:

SID History is stored as an object attribute that can be viewed in any of the following:

* ADSI Edit (GUI)
* LDP (GUI)
* dsquery (command-line)
* adfind (command-line, download from www.joeware.net)

I prefer adfind because it includes a -binenc switch that will display the SIDs in a much more readable format than you might get otherwise. A sample adfind syntax might be:

adfind -default -f "(&(objectclass=computer)(objectcategory=computer))" -binenc sidHistory

(I can't verify this syntax since I don't have access to any machines that have the SID History attribute set, but that should be very close to the mark if not 100%.)

HTH

.

---

• References:
  • SID history
    • From: jaysal30
  • Re: SID history
    • From: Laura E. Hunter [MVP]
  • Re: SID history
    • From: Joe Richards [MVP]
  • Re: SID history
    • From: Laura E. Hunter [MVP]

• Prev by Date: Re: Extreme latency with group policy application installation
• Next by Date: Re: Security logging ldap Authentication in Active Directory
• Previous by thread: Re: SID history
• Next by thread: Re: Share Resourses in a Cross Forest Model
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Create equivalent of domain admin for single OU? ... great answer including and especially mention of the domain local group. ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... (microsoft.public.windows.server.active_directory) Re: AD user object owner script ... You can get adfind at this link ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... (microsoft.public.win2000.active_directory) Re: Orphaned 2000 DC ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... (microsoft.public.win2000.active_directory) Re: Creating a custom query in AD Users and Computers ... Joe Richards Microsoft MVP Windows Server Directory Services Author of O'Reilly Active Directory Third Edition ... filter. ... So in a tool like adfind (www.joeware.net - go download it now, ... (microsoft.public.windows.server.active_directory) Re: Multiple Time Zones in Windows Server 2003 AD ... Joe Richards Microsoft MVP Windows Server Directory Services ... Author of O'Reilly Active Directory Third Edition ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)