How to map SID to user names...

  • Thread starter Thread starter faustino Dina
  • Start date Start date
F

faustino Dina

Hi,

Browsing a group on my terminal server PC Local Management I found that the
membership is composed of "users" like
"\S-1-5-21-917267712-1342860078-1792151419-512". I don't know what hapenned
but it doesn't look that some month ago. Now I need to know which users
these SID correspond. Is it any tool for doing that?

Thanks in advance
Faustino
 
There is a utility to do this called sidtoname from Joeware.net. You can
download it at http://www.joeware.net/win32/zips/SidToName.zip


-
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Use regedit to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList

Each SID listed under there will have a ProfileImagePath that shows you
the user's profile path (and thus their username). Some
 
Thanks Tim.

--
Joe Richards
www.joeware.net

--

Tim Hines said:
There is a utility to do this called sidtoname from Joeware.net. You can
download it at http://www.joeware.net/win32/zips/SidToName.zip


-
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
You can use Ldp.exe to find the user.

Regards,
/Jimmy
Click to expand...

Guys, its great that SID resolution tools are mentioned here but I doubt
they will help if the SIDs correspond to user objects that have been
deleted. They will not resolve to anything sensible like Domain\JohnDoe

HTH

M@
 
If you load the 'Return deleted objects' control in Ldp, the result will be
like the one below (copied from Ldp), and I think it's very useful.

<snip>
ldap_search_ext_s(ld, "<SID=S-1-5-21-3875815968-3522027339-262695637-1621>",
2, "(&(objectClass=user))", attrList, 0, svrCtrls, ClntCtrls, 3000, 0
,&msg)
Result <0>: (null)
Matched DNs:
Getting 1 entries:Objects,DC=qadvice,DC=prv
4> objectClass: top; person; organizationalPerson; user;
1> cn: testusr
DEL:bf28d0ef-ecb0-4559-aff9-a403a12a0a54;
1> distinguishedName:
CN=testusr\0ADEL:bf28d0ef-ecb0-4559-aff9-a403a12a0a54,CN=Deleted
Objects,DC=qadvice,DC=prv;
1> instanceType: 0x4 = ( IT_WRITE );
1> whenCreated: 11/02/2003 00:36:18 W. Europe Standard Time W. Europe
Daylight Time;
1> whenChanged: 11/02/2003 00:37:17 W. Europe Standard Time W. Europe
Daylight Time;
1> uSNCreated: 172438;
1> isDeleted: TRUE;
1> uSNChanged: 172446;
1> name: testusr
DEL:bf28d0ef-ecb0-4559-aff9-a403a12a0a54;
1> objectGUID: bf28d0ef-ecb0-4559-aff9-a403a12a0a54;
1> userAccountControl: 0x200 = ( UF_NORMAL_ACCOUNT );
1> objectSid: S-1-5-21-3875815968-3522027339-262695637-1621;
1> sAMAccountName: testusr;
1> lastKnownParent: CN=Users,DC=qadvice,DC=prv;
4> dSCorePropagationData: 11/02/2003 00:37:17 W. Europe Standard Time W.
Europe Daylight Time; 11/02/2003 00:37:17 W. Europe Standard Time W. Europe
Daylight Time; 11/02/2003 00:37:17 W. Europe Standard Time W. Europe
Daylight Time; 01/08/1601 16:10:56 W. Europe Standard Time W. Europe
Daylight Time;
 
Back
Top