|
| NT4 SID Available? |
 |
Tue, 25 Mar 2008 12:52:56 -040 |
I need to get the NT4 user SID from an existing domain so I can create a
new AD account with the appropriate SID history.
The NT4 connector seems to return almost everything about the user
except the SID. Is there a way to return the SID?
Anyone have a code fragment to do this?
Thanks!
|
| Post Reply
|
| Re: NT4 SID Available? |
 |
Wed, 26 Mar 2008 09:42:39 +010 |
Hi Jay,
If there is a commandline tool available to
extract this info, then you can quickly bake
that into a scripted Connector by executing
a commandline (constructed in script based
on, for example, Link Criteria settings) and
then parsing the output returned (stdout).
For example, if you want to support Lookup mode
then in your Script Connector you only need to
implement the findEntry() function.
...that is, if you have a commandline tool :)
Hope this helps,
-Eddie
Jay wrote:
> I need to get the NT4 user SID from an existing domain so I can create a
> new AD account with the appropriate SID history.
>
> The NT4 connector seems to return almost everything about the user
> except the SID. Is there a way to return the SID?
>
> Anyone have a code fragment to do this?
>
> Thanks!
|
| Post Reply
|
| Re: NT4 SID Available? |
 |
Fri, 28 Mar 2008 00:01:09 -040 |
Found an easier way. The "user" SID is made up of the domain SID plus
the user RID (RelativeID attribute in the NT4 connector). I use an
Attribute Map to hold the domain SID prefix and then later in the
assembly line I just add the SID prefix + the RID. Works fine.
Of course that led to a new problem of not being able to write the
sIDhistory attribute in AD from LDAP. Only 3 MS utilities and one
rather complicated W32API call with LOTS of requirements and access can
write to that attribute, so I am still stuck, but have learned many new
ways to have things not work!!
Jay
Eddie Hartman wrote:
> Hi Jay,
>
> If there is a commandline tool available to
> extract this info, then you can quickly bake
> that into a scripted Connector by executing
> a commandline (constructed in script based
> on, for example, Link Criteria settings) and
> then parsing the output returned (stdout).
>
> For example, if you want to support Lookup mode
> then in your Script Connector you only need to
> implement the findEntry() function.
>
> ....that is, if you have a commandline tool :)
>
> Hope this helps,
> -Eddie
>
> Jay wrote:
>> I need to get the NT4 user SID from an existing domain so I can create
>> a new AD account with the appropriate SID history.
>>
>> The NT4 connector seems to return almost everything about the user
>> except the SID. Is there a way to return the SID?
>>
>> Anyone have a code fragment to do this?
>>
>> Thanks!
|
| Post Reply
|
|
|
|
|
|
|
|
|
|