Guid how to read them in a friendly way

  • Thread starter Thread starter ovvvy
  • Start date Start date
O

ovvvy

I'm checking somthing in my Domain controllers Grup Policy
OU and I went to "logon locally rights" I found couple of
users but in Guid form like:
*S-1-5-21-numbersssssssssssss
How can I read, I want to know who are these users are..

Most likely these are old users from NT4 domain and when I
did the migration it went there..But still I want to know.

Please advise how can i translate or any utils to read it..


How is this Guid is happening, some is readable like
normal text.. yxz\mbotth, yzy\thaprer etc
 
You can try sidtoname from free win32 tools page of www.joeware.net . Note however that it may not be able to resolve
them either if they have been deleted or the domain doesn't exist.

You can at least check to see if the domain is resolvable by removing the last set of numbers from the SID...

Ex:

If you have S-1-5-21-1275210071-789336058-1957994488-218285

The last digits 218285 specify the security principal specifically, you can usually take that off and get the domain
that the object came from like this

S-1-5-21-1275210071-789336058-1957994488-218285



F:\Dev\cpp\SidToName>sidtoname S-1-5-21-1275210071-789336058-1957994488-218285

SidToName V02.00.00cpp Joe Richards ([email protected]) March 2003

[User]: JOEHOME\joe

The command completed successfully.


F:\Dev\cpp\SidToName>sidtoname S-1-5-21-1275210071-789336058-1957994488

SidToName V02.00.00cpp Joe Richards ([email protected]) March 2003

[Domain]: JOEHOME

The command completed successfully.


F:\Dev\cpp\SidToName>
 
Ovvvy, when anything relating to a user right or permission is stored, the
SID (what you call the GUID) is all that's stored. The actual username is
only stored once.

If you can find a SID that's from your current domain, you can find out of
the SID relates to a different domain by comparing the numbers. They will
always start S-1-5-21, but the next three groups of digits identify the
domain the SID comes from. If they match your current domain, then the SID
is most likely a deleted user.

Hope this helps

Oli
 
The following technet article provides the details of a SID:

http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/
windows2000/techinfo/reskit/en-us/distrib/dsce_ctl_xgqv.asp

The following article provides a list of well-known SIDs that are builtin
to Windows 2000 and 2003:
243330 Well Known Security Identifiers in Windows 2000
http://support.microsoft.com/?id=243330

David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "ovvvy" <[email protected]>
| Sender: "ovvvy" <[email protected]>
| Subject: Guid how to read them in a friendly way
| Date: Thu, 1 Jan 2004 13:38:14 -0800
| Lines: 14
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| thread-index: AcPQr499TfqPzt2GTvCbmxRVK2ViPQ==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.win2000.active_directory
| Path: cpmsftngxa07.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:61007
| NNTP-Posting-Host: tk2msftngxa12.phx.gbl 10.40.1.164
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| I'm checking somthing in my Domain controllers Grup Policy
| OU and I went to "logon locally rights" I found couple of
| users but in Guid form like:
| *S-1-5-21-numbersssssssssssss
| How can I read, I want to know who are these users are..
|
| Most likely these are old users from NT4 domain and when I
| did the migration it went there..But still I want to know.
|
| Please advise how can i translate or any utils to read it..
|
|
| How is this Guid is happening, some is readable like
| normal text.. yxz\mbotth, yzy\thaprer etc
|
 
Back
Top