Microsoft

Blog Categories

Subscribe to RSS feed

Archives

SID Reporting

Here is a useful script I found on the web when trying to find a way to report on SIDs for a number of user objects. There is the free "getsid.exe" from the Microsoft Support Tools add-on located on the Windows XP/2000/2003 install CD and that is useful for performing a quick comparison of two objects. I was looking for something on a larger scale.

I came across this VBScript code which will print out the various SID formats for a given user object.:

Option Explicit
Dim objUser, strSidHex, strSidDec

Set objUser = GetObject("LDAP://cn=John Doe,ou=employees,dc=source,dc=local")

Wscript.Echo "User name: " & objUser.Name
strSidHex = OctetToHexStr(objUser.objectSid)
Wscript.Echo "User SID, hex: " & strSidHex
strSidDec = HexStrToDecStr(strSidHex)
Wscript.Echo "User SID, decimal: " & strSidDec
Wscript.Echo "User GUID: " & objUser.Guid

Function OctetToHexStr(arrbytOctet)
‘ Function to convert OctetString (byte array) to Hex string.

Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
Next
End Function

Function HexStrToDecStr(strSid)
Dim arrbytSid, lngTemp, j

ReDim arrbytSid(Len(strSid)/2 – 1)
For j = 0 To UBound(arrbytSid)
arrbytSid(j) = CInt("&H" & Mid(strSid, 2*j + 1, 2))
Next

HexStrToDecStr = "S-" & arrbytSid(0) & "-" _
& arrbytSid(1) & "-" & arrbytSid(8)

lngTemp = arrbytSid(15)
lngTemp = lngTemp * 256 + arrbytSid(14)
lngTemp = lngTemp * 256 + arrbytSid(13)
lngTemp = lngTemp * 256 + arrbytSid(12)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(19)
lngTemp = lngTemp * 256 + arrbytSid(18)
lngTemp = lngTemp * 256 + arrbytSid(17)
lngTemp = lngTemp * 256 + arrbytSid(16)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(23)
lngTemp = lngTemp * 256 + arrbytSid(22)
lngTemp = lngTemp * 256 + arrbytSid(21)
lngTemp = lngTemp * 256 + arrbytSid(20)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(25)
lngTemp = lngTemp * 256 + arrbytSid(24)

HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp)

End Function

I took this code and modified it to search an entire forest, search SIDHistory and even added some code to dump the results to a log file (delimited file format) so I could import it into Access and run a comparison of SIDs and SIDHistory for numerous user objects which could be used to compare migrated user objects from the source and target domains.

Leave a Reply