Re: Creating SID Manually



On Aug 31, 3:37 pm, Glen <DamnBig...@xxxxxxxxx> wrote:
On Aug 31, 3:25 pm, "Joe Kaplan" <joseph.e.kap...@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:
This statement makes no sense to me:

Everything is working, however when the students request an account
they specify what classes they are taking and are added to
corresponding groups in order to have access to resources on the
server that are specific to that class.

I was hoping I could generate my own SID and GUID so that I wouldn't
have to wait for AD as it is remarkably slow (everything else is done
through LDAP). I guess I'll just have to have it sleep for a while or
move the group membership functionality out into a server side script
that runs every 15 minutes. I'm really just trying to optimize stuff.

------

Can you elaborate? Are you creating a user in AD and then using that
account to ACL local resources like files or folders? Why would generating
a SID and GUID be helpful?

Joe K.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming" http://www.directoryprogramming.net
"Glen" <DamnBig...@xxxxxxxxx> wrote in message

news:1188594104.877451.318630@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Aug 31, 1:24 pm, net_admin <netad...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

As the other friends said, SID is managed by AD internally and it's the
RID master that manages the distribution for the DCs.

Also, I'm interested in having an automatic process like the one you are
creating. If you could share, I would appreciate it.

--
NetAdmin <São Paulo, BR>
"That's not my problem... asshole."

Background:

What I'm trying to do is have a self contained user request/creation
system. I work for a larger community college and the Applied
Technologies school is on a separate domain from the main campus.
Certain laws have arisen requiring accurate identification of all
users of system resources (basically no generic accounts). The
current account request system works on the honor system.

I am re-building it with two goals in mind, one get it off of Cold
Fusion, and two verify credentials against main campus domain.

Current State:

Everything is working, however when the students request an account
they specify what classes they are taking and are added to
corresponding groups in order to have access to resources on the
server that are specific to that class.

I was hoping I could generate my own SID and GUID so that I wouldn't
have to wait for AD as it is remarkably slow (everything else is done
through LDAP). I guess I'll just have to have it sleep for a while or
move the group membership functionality out into a server side script
that runs every 15 minutes. I'm really just trying to optimize stuff.

The current system is being written in Ruby On Rails.

I am creating the user in AD but I was hoping to do it using LDAP
rather than letting AD create the user.

The problem is that it takes AD up to a minute to process the request
and create the account in the database. I can do it faster with LDAP,
however I don't know how to create SID and GUID entries.

I guess the user doesn't have to exist before they are added to the
group though. I could try that, otherwise I have to wait for the
account to appear in LDAP before I can add them to the appropriate
groups.

It wouldn't be much of a problem except that users may occasionally be
created using the standard interface (AD Users and Computers) and I
don't want my program and AD to step on each other's toes. I also
don't know what UUID technique Microsoft uses to generate their GUIDs
so I can't guarantee consistency if I do it myself.
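Added illustration of the point net_admin makes above (the SID is assigned by AD, with the RID coming from the pool the RID master hands each DC), not code from this thread or from Glen's system: a small Ruby routine that decodes the binary objectSid AD returns over LDAP into the S-1-5-21-...-RID form, splits it into the domain prefix and the RID, and re-encodes it. Because objectSid and objectGUID are system-only attributes, an LDAP add that tries to supply them is rejected; the values only exist once the DC has created the object, which is why an LDAP client reads them back rather than choosing them. The sample SID bytes below are constructed for the example.

```ruby
# Added example (not from the thread): decode and re-encode the binary
# objectSid that Active Directory returns over LDAP. The layout is fixed:
#   byte 0      revision (always 1)
#   byte 1      number of sub-authorities
#   bytes 2..7  48-bit big-endian identifier authority (5 = NT Authority)
#   then        N x 32-bit little-endian sub-authorities; the last one is
#               the RID, which the DC takes from the pool the RID master
#               allocated to it. Everything before the RID is the domain SID.

def decode_sid(bytes)
  bytes = bytes.b
  revision, count = bytes.unpack("CC")
  raise ArgumentError, "unsupported SID revision #{revision.inspect}" unless revision == 1
  raise ArgumentError, "truncated SID" unless bytes.bytesize == 8 + 4 * count

  authority = bytes.byteslice(2, 6).unpack("C6").reduce(0) { |acc, b| (acc << 8) | b }
  subs = bytes.byteslice(8, 4 * count).unpack("V#{count}")
  "S-#{revision}-#{authority}-#{subs.join('-')}"
end

def encode_sid(str)
  parts = str.split("-")
  raise ArgumentError, "not a SID: #{str}" unless parts[0] == "S" && parts.size >= 4
  revision  = Integer(parts[1])
  authority = Integer(parts[2])
  subs      = parts[3..-1].map { |s| Integer(s) }
  raise ArgumentError, "authority too large" if authority >= (1 << 48)
  auth_bytes = (0..5).map { |i| (authority >> (8 * (5 - i))) & 0xff }
  [revision, subs.size, *auth_bytes, *subs].pack("CCC6V#{subs.size}")
end

# Domain prefix (everything but the RID) and RID of a string-form SID.
def sid_domain(str)
  str.split("-")[0..-2].join("-")
end

def sid_rid(str)
  Integer(str.split("-")[-1])
end

# True when both SIDs were issued by the same domain (same prefix).
def same_domain?(a, b)
  sid_domain(a) == sid_domain(b)
end

# Constructed sample: what a DC might return for a user in a domain whose
# SID is S-1-5-21-1-2-3, with RID 1108 (0x454).
SAMPLE_SID_BYTES = [
  0x01, 0x05,                          # revision 1, 5 sub-authorities
  0x00, 0x00, 0x00, 0x00, 0x00, 0x05,  # NT Authority
  0x15, 0x00, 0x00, 0x00,              # 21
  0x01, 0x00, 0x00, 0x00,              # domain part 1
  0x02, 0x00, 0x00, 0x00,              # domain part 2
  0x03, 0x00, 0x00, 0x00,              # domain part 3
  0x54, 0x04, 0x00, 0x00,              # RID 1108
].pack("C*")

if __FILE__ == $PROGRAM_NAME
  sid = decode_sid(SAMPLE_SID_BYTES)
  puts sid                                  # S-1-5-21-1-2-3-1108
  puts "domain: #{sid_domain(sid)}  rid: #{sid_rid(sid)}"
  raise "round trip failed" unless encode_sid(sid) == SAMPLE_SID_BYTES
end
```

The decoder is what a script would run over the objectSid attribute after reading the new user back from the DC; the encoder is only useful for building LDAP search filters on objectSid, not for setting it. Group membership in AD is held in the group's `member` attribute as the user's DN, so adding the user to the class groups needs the DN returned by the add, not the SID or GUID.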
