Re: How to determine the SID of a Global Group

Laura,

Thanks for your response. I've checked out www.joeware.net and am impressed.
There're loads of great tools there. Unfortunately I need the SID of a Global
Group in and NT4 domain and not AD, so adfind is not going to help on this
occasion.

I did take a look at getsid again, and think that I could use it, with a bit
of scripting, to enumerate all the group SID's within a domain. However, my
scripting is appalling. It's one of those items on my list of things to learn
that slips down the list over and over. I also need to get this resolved by
the end of the week. My chances of learning to script efficiently by the end
of tomorrow as slim to none.

Any other suggestions are very welcome. If someone fancies knocking up a
script to do this all the better. I know I'd appreciate it. I'll learn
scripting next week ... honest.

Regards,
Scott

"Laura E. Hunter [MVP]" wrote:

> Have you tried adfind, from www.joeware.net?
>
> The following query:
>
> adfind -default -rb ou=Marketing -f cn=marketingmgmt objectSid
>
> ....returns the following output for the MarketingMgmt global group:
>
> >objectSid: S-1-5-21-751427308-4037830757-4109730475-1106
>
> Adfind and its cousin, admod, are free dowloads from the site I reference,
> and well worth becoming acquainted with.
>
> HTH
>
>
> --
> Laura E. Hunter: MVP Windows Server - Networking
> All replies to newsgroup, please
> Post provided as-is, no warranties expressed or implied
>
> "Scott Holman" <ScottHolman@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:FB6EDB3D-0612-475B-8E71-33080ADE299B@xxxxxxxxxxxxxxxx
> > Hi all,
> >
> > I'm trying to find a util to determine the SID of a Global Group, but am
> > having difficulty find one. I have Dumpsec from which I can determine the
> > SID
> > of domain users, but not Global Groups.
> >
> > I've also had a look at getsid, newsid, showacls, and a few other utils
> > that
> > I can't remember. None of which seem to help me.
> >
> > To pre-empt the question: I need the group SID to add to a custom security
> > descriptor to enable finer control over access to event logs. Unless,
> > someone
> > knows of a way to change the access permissions to the event logs on a
> > W2k3
> > server in an NT4 domain other than described in
> > http://support.microsoft.com/default.aspx?scid=kb;en-us;323076
> >
> > Cheers,
> >
> > Scott
> >
>
>
>
.

Relevant Pages

  • Re: ACLs and permissions viewed after Migrating from NT 4 domain... The twilight zone?
    ... And if I decomission the old NT4 domain this should ... (the little problem I have noticed is that if you give permissions to both ... > to the new w2k user's sid history. ... > it also checks the sid history when attempting to crack a sid to a user. ...
    (microsoft.public.win2000.security)
  • RE: SID Filtering
    ... When i access resource in NT4 domain with migrated ... NT4 domain controller will not filter any SID ... I get access to all the resource with SID History. ... I DID NOT DISABLE SID FILTERING ON W2K3 DC, ...
    (microsoft.public.windows.server.migration)
  • Re: Write to the registry
    ... The whole point is to move all users from a local work group account to a ... > migrate a local user account to a new domain user account and keep ... > the same user SID. ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ...
    (microsoft.public.windows.server.scripting)
  • Re: Migrating accounts nt4 to 2k3 and SIDs
    ... netdom trust /quarantine ... I have a trust set up and I've turned off SID filtering. ... groups to resources in the NT4 domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Accessing local group by group SID
    ... I would like to access local groups based on their well-known SID. ... For Each oGroupAccount In oGroupAccounts ... torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: ...
    (microsoft.public.scripting.vbscript)