Where in AD can I see what the SID is for each computer?
Thanks in advance.
Greg
Where in AD can I see what the SID is for each computer?
Thanks in advance.
Greg
Greg,
You should use adsiedit to see the SID of the computer. If i am not mistaken
it a attribute of the object computer. Forgot which attribute,..something
with security identifier...
--
WWW.ITQuest.nl
IT Freelancer
"Greg" wrote:
> Where in AD can I see what the SID is for each computer?
>
> Thanks in advance.
> Greg
Hi,
If you mean the objectSid attribute, you can only see a small portion of
this in ADSI Edit. objectSid is OctetString, which is a byte array. I use
scripts to convert to hex string, and then to what I call a decimal string
(similar to what you probably want, in the form "S-1-5-21-..."). For
example, a VBScript program to display objectSid of specified object:
==========================
Option Explicit
Dim objComputer, strSid, arrbytSid
' Bind to object.
Set objComputer =
GetObject("LDAP://cn=Computer023,ou=Computers,ou=West,dc=MyDomain,dc=com")
' Retrieve objectSid value.
arrbytSid = objComputer.objectSid
' Convert from byte array to hex string.
strSid = OctetToHexStr(arrbytSid)
Wscript.Echo "Hex SID: " & strSid
' Convert to decimal string.
Wscript.Echo "Decimal SID: " & HexStrToDecStr(strSid)
Function OctetToHexStr(arrbytOctet)
' Function to convert OctetString (byte array) to Hex string.
Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
Next
End Function
Function HexStrToDecStr(strSid)
Dim arrbytSid, lngTemp, j
ReDim arrbytSid(Len(strSid)/2 - 1)
For j = 0 To UBound(arrbytSid)
arrbytSid(j) = CInt("&H" & Mid(strSid, 2*j + 1, 2))
Next
HexStrToDecStr = "S-" & arrbytSid(0) & "-" _
& arrbytSid(1) & "-" & arrbytSid(8)
lngTemp = arrbytSid(15)
lngTemp = lngTemp * 256 + arrbytSid(14)
lngTemp = lngTemp * 256 + arrbytSid(13)
lngTemp = lngTemp * 256 + arrbytSid(12)
HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)
lngTemp = arrbytSid(19)
lngTemp = lngTemp * 256 + arrbytSid(18)
lngTemp = lngTemp * 256 + arrbytSid(17)
lngTemp = lngTemp * 256 + arrbytSid(16)
HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)
lngTemp = arrbytSid(23)
lngTemp = lngTemp * 256 + arrbytSid(22)
lngTemp = lngTemp * 256 + arrbytSid(21)
lngTemp = lngTemp * 256 + arrbytSid(20)
HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)
lngTemp = arrbytSid(25)
lngTemp = lngTemp * 256 + arrbytSid(24)
HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)
End Function
=================
There are other methods as well. My HexStrToDecStr function is specific to
normal objectSid's and may not work in all cases.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"Shao" <Shao@discussions.microsoft.com> wrote in message
news:25B188EF-9F02-41FD-A20A-6A0E58D4343E@microsoft.com...
> Greg,
>
> You should use adsiedit to see the SID of the computer. If i am not
> mistaken
> it a attribute of the object computer. Forgot which attribute,..something
> with security identifier...
>
>
> --
> WWW.ITQuest.nl
>
> IT Freelancer
>
>
> "Greg" wrote:
>
>> Where in AD can I see what the SID is for each computer?
>>
>> Thanks in advance.
>> Greg
adfind -default -f objectcategory=computer objectsid
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Greg wrote:
> Where in AD can I see what the SID is for each computer?
>
> Thanks in advance.
> Greg
as well dsquery * -filter "(objectcategory=computer)" -attr objectsid
--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services
No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Resources
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:eVOpdaYEGHA.3000@TK2MSFTNGP14.phx.gbl...
> adfind -default -f objectcategory=computer objectsid
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Greg wrote:
>> Where in AD can I see what the SID is for each computer?
>>
>> Thanks in advance.
>> Greg
I installed ADSIedit and when I look at the Security Identifier for every PC
and even Domain contrroller there is nothing. it just says <NOT SET>
did I miss something?
"chriss3 [MVP]" wrote:
> as well dsquery * -filter "(objectcategory=computer)" -attr objectsid
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Resources
>
> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> news:eVOpdaYEGHA.3000@TK2MSFTNGP14.phx.gbl...
> > adfind -default -f objectcategory=computer objectsid
> >
> >
> > --
> > Joe Richards Microsoft MVP Windows Server Directory Services
> > www.joeware.net
> >
> >
> > Greg wrote:
> >> Where in AD can I see what the SID is for each computer?
> >>
> >> Thanks in advance.
> >> Greg
>
>
>
Hi,
I think you want the objectSid attribute. Although the securityIdentifier
attribute is a SID, I have never seen an object where this has a value. I
can find no information on the use of this attribute.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
"Greg" <gregkh@hotmail.com> wrote in message
news:BA132EA0-DBE0-4080-A687-74B42F811209@microsoft.com...
>I installed ADSIedit and when I look at the Security Identifier for every
>PC
> and even Domain contrroller there is nothing. it just says <NOT SET>
>
> did I miss something?
>
>
> "chriss3 [MVP]" wrote:
>
>> as well dsquery * -filter "(objectcategory=computer)" -attr objectsid
>>
>> --
>> Regards
>> Christoffer Andersson
>> Microsoft MVP - Directory Services
>>
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Resources
>>
>> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
>> news:eVOpdaYEGHA.3000@TK2MSFTNGP14.phx.gbl...
>> > adfind -default -f objectcategory=computer objectsid
>> >
>> >
>> > --
>> > Joe Richards Microsoft MVP Windows Server Directory Services
>> > www.joeware.net
>> >
>> >
>> > Greg wrote:
>> >> Where in AD can I see what the SID is for each computer?
>> >>
>> >> Thanks in advance.
>> >> Greg
>>
>>
>>
You want objectSID. And as Richard previously said, looking at it in adsiedit
will not be very exciting as it will be shown as an octet string, look at the
other suggestions for how to do this.
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Greg wrote:
> I installed ADSIedit and when I look at the Security Identifier for every PC
> and even Domain contrroller there is nothing. it just says <NOT SET>
>
> did I miss something?
>
>
> "chriss3 [MVP]" wrote:
>
>> as well dsquery * -filter "(objectcategory=computer)" -attr objectsid
>>
>> --
>> Regards
>> Christoffer Andersson
>> Microsoft MVP - Directory Services
>>
>>
>> No email replies please - reply in the newsgroup
>> ------------------------------------------------
>> http://www.chrisse.se - Active Directory Resources
>>
>> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
>> news:eVOpdaYEGHA.3000@TK2MSFTNGP14.phx.gbl...
>>> adfind -default -f objectcategory=computer objectsid
>>>
>>>
>>> --
>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>> www.joeware.net
>>>
>>>
>>> Greg wrote:
>>>> Where in AD can I see what the SID is for each computer?
>>>>
>>>> Thanks in advance.
>>>> Greg
>>
>>
I have PCs that were imaged that now have the same computer SID (did not use any SID changing program or sysprep). I used psgetsid to get the SID when I query the PC, but when I use dsquery to get the ObjectSid I get a different SID. Is the computer SID on the actual PC different from objectSid attribute?
Another issue is that when I use Richard's scripting solution I get a different SID than when I use the dsquery option. Any thoughts on that?
Thanks
rc
Bookmarks