Create SID?

Guest

Hi!

To create a new Windows account I use this code:

// Requires: using System.DirectoryServices;
const int UF_PASSWD_CANT_CHANGE = 0x0040;
const int UF_DONT_EXPIRE_PASSWD = 0x10000;
// Bind to the account database of the target machine (or domain) via the WinNT provider.
DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + domain);
DirectoryEntries entries = obDirEntry.Children;
DirectoryEntry obUser = entries.Add(username, "User");
obUser.Properties["FullName"].Add(name);
obUser.Properties["UserFlags"].Add(UF_PASSWD_CANT_CHANGE | UF_DONT_EXPIRE_PASSWD);
if (homedir.Length > 0)
    obUser.Properties["HomeDirectory"].Add(homedir);
object obRet = obUser.Invoke("SetPassword", password);
// Write the new account and its properties to the account database.
obUser.CommitChanges();

My question is, is it possible to create a new Windows account with a
certain SID?
In the case I want to replicate a user on another server.

Regards
Anders Aleborg
Aleborg Solutions
 
Nicholas Paldino [.NET/C# MVP]

Anders,

I would think that if you create the user on the domain, then the user
will be recognized across the domain.

Also, having the same SID for a user in two different domains doesn't
get you anything.

Hope this helps.
 
Willy Denoyette [MVP]

| Hi!
|
| To create a new Windows account I use this code:
|
| const int UF_PASSWD_CANT_CHANGE = 0x0040;
| const int UF_DONT_EXPIRE_PASSWD = 0x10000;
| DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + domain);
| DirectoryEntries entries = obDirEntry.Children;
| DirectoryEntry obUser = entries.Add(username, "User");
| obUser.Properties["FullName"].Add(name);
| obUser.Properties["UserFlags"].Add(UF_PASSWD_CANT_CHANGE |
| UF_DONT_EXPIRE_PASSWD);
| if(homedir.Length>0)
| obUser.Properties["HomeDirectory"].Add(homedir);
| object obRet = obUser.Invoke("SetPassword", password);
| obUser.CommitChanges();
|
| My question is, is it possible to create a new windows account with a
| certain SID?
| In the case I want to replicate a user on another server.
|
| Regards
| Anders Aleborg
| Aleborg Solutions

Not sure what you are trying to achieve, but if you need to clone user
accounts, you first have to clone the machine SID.

Willy.
 
Guest

Hi!

This is how I am thinking: the accounts I'm creating are for anonymous access
to websites and FTP accounts. These types of accounts I try to exclude from
the domain and create them on each server instead; one of the reasons is that
there are so many accounts (we're talking thousands of accounts).
The reason I want to recreate the account along with the SID is that IF we for
some reason want to move all users to another server, we can just take the
hard drive with the files for the website and move it, recreate all users, and
all permissions on files and folders will continue to work. Permissions are
tied to the SID, not to the account's name.

The other way to do this is to save all permissions in a database (we save
usernames and passwords for all accounts in a database already, that's why we
can easily restore the users). The problem is that this way of doing it is time
consuming: we need to loop over all users that have permissions on a file and, if it
matches the current username, save it to a DB or XML file (we haven't found
a way to get the permissions without looping).


Regards
Anders Aleborg
Aleborg Solutions


Nicholas Paldino said:
Anders,

I would think that if you create the user on the domain, then the user
will be recognized across the domain.

Also, having the same SID for a user in two different domains doesn't
get you anything.

Hope this helps.

--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Hi!

To create a new Windows account I use this code:

const int UF_PASSWD_CANT_CHANGE = 0x0040;
const int UF_DONT_EXPIRE_PASSWD = 0x10000;
DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + domain);
DirectoryEntries entries = obDirEntry.Children;
DirectoryEntry obUser = entries.Add(username, "User");
obUser.Properties["FullName"].Add(name);
obUser.Properties["UserFlags"].Add(UF_PASSWD_CANT_CHANGE |
UF_DONT_EXPIRE_PASSWD);
if(homedir.Length>0)
obUser.Properties["HomeDirectory"].Add(homedir);
object obRet = obUser.Invoke("SetPassword", password);
obUser.CommitChanges();

My question is, is it possible to create a new windows account with a
certain SID?
In the case I want to replicate a user on another server.

Regards
Anders Aleborg
Aleborg Solutions
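
The second approach Anders describes above (recreate the accounts, then fix up the permissions) can be done in place on the moved disk by rewriting each explicit ACE that names an old-server SID. This is an added example, not code from any poster in the thread; the class name `SidRemap`, the account name and the SID in the sample map are constructed, and it assumes the old SID of each account was saved next to its username.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;
static class SidRemap
{
    // Rewrites explicit ACEs whose trustee is an old-server SID so they name the same-named
    // local account here. Inherited ACEs are skipped: they are corrected at the parent.
    static int Remap(FileSystemSecurity acl, IDictionary<string, string> map)
    {
        int changed = 0;
        foreach (FileSystemAccessRule ace in
                 acl.GetAccessRules(true, false, typeof(SecurityIdentifier)))
        {
            if (!map.TryGetValue(ace.IdentityReference.Value, out string user)) continue;
            IdentityReference newSid = new NTAccount(Environment.MachineName, user)
                .Translate(typeof(SecurityIdentifier)); // throws if the account is missing
            acl.RemoveAccessRuleSpecific(ace);
            acl.AddAccessRule(new FileSystemAccessRule(newSid, ace.FileSystemRights,
                ace.InheritanceFlags, ace.PropagationFlags, ace.AccessControlType));
            changed++;
        }
        return changed;
    }
    static void Apply(FileSystemInfo item, IDictionary<string, string> map)
    {
        if (item is DirectoryInfo dir)
        {
            DirectorySecurity acl = dir.GetAccessControl(AccessControlSections.Access);
            if (Remap(acl, map) > 0) dir.SetAccessControl(acl);
        }
        else if (item is FileInfo file)
        {
            FileSecurity acl = file.GetAccessControl(AccessControlSections.Access);
            if (Remap(acl, map) > 0) file.SetAccessControl(acl);
        }
    }
    static void Main(string[] args)
    {
        // Constructed sample: old-server SID -> user name, as saved at creation time.
        var map = new Dictionary<string, string> {
            { "S-1-5-21-1111111111-2222222222-3333333333-1001", "web_site0001" } };
        var root = new DirectoryInfo(args[0]);   // root of the moved web content
        Apply(root, map);
        foreach (var item in root.EnumerateFileSystemInfos("*", SearchOption.AllDirectories))
            Apply(item, map);
    }
}
```

Only the access (DACL) section is loaded and written back, so owners and audit entries that still name old SIDs are left as they were.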
 
Willy Denoyette [MVP]

Simple answer: use the right tools for the job. Norton Ghost, Power Quest
Image drive are a few tools that are designed to do exactly this.


Willy.

| Hi!
|
| This is how I am thinking: the accounts I'm creating are for anonymous access
| to websites and FTP accounts. These types of accounts I try to exclude from
| the domain and create them on each server instead; one of the reasons is that
| there are so many accounts (we're talking thousands of accounts).
| The reason I want to recreate the account along with the SID is that IF we for
| some reason want to move all users to another server, we can just take the
| hard drive with the files for the website and move it, recreate all users, and
| all permissions on files and folders will continue to work. Permissions are
| tied to the SID, not to the account's name.
|
| The other way to do this is to save all permissions in a database (we save
| usernames and passwords for all accounts in a database already, that's why we
| can easily restore the users). The problem is that this way of doing it is time
| consuming: we need to loop over all users that have permissions on a file and, if it
| matches the current username, save it to a DB or XML file (we haven't found
| a way to get the permissions without looping).
|
|
| Regards
| Anders Aleborg
| Aleborg Solutions
|
|
| "Nicholas Paldino [.NET/C# MVP]" wrote:
|
| > Anders,
| >
| > I would think that if you create the user on the domain, then the user
| > will be recognized across the domain.
| >
| > Also, having the same SID for a user in two different domains doesn't
| > get you anything.
| >
| > Hope this helps.
| >
| > --
| > - Nicholas Paldino [.NET/C# MVP]
| > - (e-mail address removed)
| >
| > > Hi!
| > >
| > > To create a new Windows account I use this code:
| > >
| > > const int UF_PASSWD_CANT_CHANGE = 0x0040;
| > > const int UF_DONT_EXPIRE_PASSWD = 0x10000;
| > > DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + domain);
| > > DirectoryEntries entries = obDirEntry.Children;
| > > DirectoryEntry obUser = entries.Add(username, "User");
| > > obUser.Properties["FullName"].Add(name);
| > > obUser.Properties["UserFlags"].Add(UF_PASSWD_CANT_CHANGE |
| > > UF_DONT_EXPIRE_PASSWD);
| > > if(homedir.Length>0)
| > > obUser.Properties["HomeDirectory"].Add(homedir);
| > > object obRet = obUser.Invoke("SetPassword", password);
| > > obUser.CommitChanges();
| > >
| > > My question is, is it possible to create a new windows account with a
| > > certain SID?
| > > In the case I want to replicate a user on another server.
| > >
| > > Regards
| > > Anders Aleborg
| > > Aleborg Solutions
| >
| >
| >
 
