obtaining a list of all the SIDs and user names in the system

J

Jaccus

I would like to obtain a list of existing users SIDs and their equivalents in
user names. So far I can get all the information from the actual token but
how can I get to all of them? I would appreciate any help, thanks.
 
R

Roger Abell [MVP]

Jaccus said:
I would like to obtain a list of existing users SIDs and their equivalents
in
user names. So far I can get all the information from the actual token but
how can I get to all of them? I would appreciate any help, thanks.
Click to expand...

All that are defined, or all that are in use at the moment ?
 
R

Roger Abell [MVP]

Jaccus said:
I need to get all that are defined, so that I have a full list of sid/name
pairs.
Click to expand...

Try such as the following. Save as whatever.vbs and execute with cscript,
probably redirecting output to a file. I believe this overlooks sid history
if
that had been used and not cleaned up after the migration.
If used on a domain control it works for domain accounts, otherwise it will
work against local accounts; can be remoted by change of sMachine given
the account used has needed permissions.

Option Explicit

Dim sMachine, sAccts, sUQuery
Dim oWmiSvc, cUsrs, oUsr

sMachine = "."

sUQuery = "Select * from Win32_UserAccount"
Set oWmiSvc = GetObject("winmgmts:" &_
"{impersonationLevel=impersonate," &_
"(Security)}!\\" & sMachine & "\root\cimv2")
Set cUsrs = oWmiSvc.ExecQuery(sUQuery)

sAccts = ""
For each oUsr in cUsrs
sAccts = sAccts &_
"User Name: " & oUsr.Name & VbTab &_
"SID: " & " " & oUsr.SID & VbCrLf
Next

WScript.Echo sAccts
 
J

Jaccus

Thank you very much Roger - that works perfectly, it took me some time to get
almost the same result, not knowing vbscript I wrote very similar code
yesterday:
--------------------------------------------
Option Explicit
Dim strDirectory, strFileName, objOpenedFile, objNet, objFSO, objWMIService
Dim userAccountsList, userAccount
strDirectory = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strFileName = "sids.txt"
Const ForWriting = 2
Set objNet = CreateObject("WScript.NetWork")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
& objNet.ComputerName & "\root\cimv2")
Set userAccountsList = objWMIService.ExecQuery("SELECT * FROM
Win32_UserAccount")

Set objOpenedFile = objFSO.OpenTextFile(strDirectory & strFileName,
ForWriting, true)

For Each userAccount in userAccountsList
objOpenedFile.Write userAccount.SID & " " & userAccount.Name & vbCrLf
'Wscript.Echo "SID: " & userAccount.SID & " User: " & userAccount.Name
Next
objOpenedFile.Close
--------------------------------------------
Considering it as an answer I am still curious if the same result I could
get with win32 programming (and without WMI). Fortunately servers I needed
this for are with win2000 sp2 at least but since WMI was not implemented in
previous service packs there must be another way to do that :)
 
R

Roger Abell [MVP]

If I remember correctly you can easily get the SID from a user object
under ADSI also. I just did a quick hack up of my old 2003 vintage
getsid script for you, which used WMI for the simplicity of the query
that had a where clause using name=arg(0)
 
J

Jorge de Almeida Pinto [MVP - DS]

how about:
ADFIND -default -f (&(objectCategory=person)(objectClass=user))"
sAMAccountName objectSID -csv



EXAMPLE:
"dn","sAMAccountName","objectSID"
"CN=ADM.ROOT,CN=Users,DC=ADCORP,DC=LAB","ADM.ROOT","S-1-5-21-2443120089-1027212684-2461088850-500"
"CN=Guest,CN=Users,DC=ADCORP,DC=LAB","Guest","S-1-5-21-2443120089-1027212684-2461088850-501"
"CN=SUPPORT_388945a0,CN=Users,DC=ADCORP,DC=LAB","SUPPORT_388945a0","S-1-5-21-2443120089-1027212684-2461088850-1001"
"CN=krbtgt,CN=Users,DC=ADCORP,DC=LAB","krbtgt","S-1-5-21-2443120089-1027212684-2461088850-502"
"CN=ADM.R101,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.R101","S-1-5-21-2443120089-1027212684-2461088850-1337"
"CN=ADM.R102,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.R102","S-1-5-21-2443120089-1027212684-2461088850-1338"
"CN=ADM.R103,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.R103","S-1-5-21-2443120089-1027212684-2461088850-1339"
"CN=ADM.R104,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.R104","S-1-5-21-2443120089-1027212684-2461088850-1340"
"CN=ADM.R105,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.R105","S-1-5-21-2443120089-1027212684-2461088850-1341"
"CN=ADM.H1.R101,OU=AdmAccounts,OU=HISTORY1,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H1.R101","S-1-5-21-2443120089-1027212684-2461088850-1342"
"CN=ADM.H1.R102,OU=AdmAccounts,OU=HISTORY1,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H1.R102","S-1-5-21-2443120089-1027212684-2461088850-1343"
"CN=ADM.H1.R103,OU=AdmAccounts,OU=HISTORY1,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H1.R103","S-1-5-21-2443120089-1027212684-2461088850-1344"
"CN=ADM.H1.R104,OU=AdmAccounts,OU=HISTORY1,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H1.R104","S-1-5-21-2443120089-1027212684-2461088850-1345"
"CN=ADM.H1.R105,OU=AdmAccounts,OU=HISTORY1,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H1.R105","S-1-5-21-2443120089-1027212684-2461088850-1346"
"CN=ADM.H2.R101,OU=AdmAccounts,OU=HISTORY2,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H2.R101","S-1-5-21-2443120089-1027212684-2461088850-1347"
"CN=ADM.H2.R102,OU=AdmAccounts,OU=HISTORY2,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H2.R102","S-1-5-21-2443120089-1027212684-2461088850-1348"
"CN=ADM.H2.R103,OU=AdmAccounts,OU=HISTORY2,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H2.R103","S-1-5-21-2443120089-1027212684-2461088850-1349"
"CN=ADM.H2.R104,OU=AdmAccounts,OU=HISTORY2,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H2.R104","S-1-5-21-2443120089-1027212684-2461088850-1350"
"CN=ADM.H2.R105,OU=AdmAccounts,OU=HISTORY2,OU=Org-Users,DC=ADCORP,DC=LAB","ADM.H2.R105","S-1-5-21-2443120089-1027212684-2461088850-1351"
"CN=ADM SVLCL
RFSRODC1,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.SVLCL.RFSRODC1","S-1-5-21-2443120089-1027212684-2461088850-1352"
"CN=ADM ADLCL
RFSRODC1,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.ADLCL.RFSRODC1","S-1-5-21-2443120089-1027212684-2461088850-1353"
"CN=ADM SVLCL
RSCRODC2,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.SVLCL.RSCRODC2","S-1-5-21-2443120089-1027212684-2461088850-1354"
"CN=ADM ADLCL
RSCRODC2,OU=AdmAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","ADM.ADLCL.RSCRODC2","S-1-5-21-2443120089-1027212684-2461088850-1355"
"CN=Service R1 Account
Backup,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-BACKUP","S-1-5-21-2443120089-1027212684-2461088850-1356"
"CN=Service R1 Account
Monitoring,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MONITORING","S-1-5-21-2443120089-1027212684-2461088850-1357"
"CN=Service R1 Account
Antivirus,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-ANTIVIRUS","S-1-5-21-2443120089-1027212684-2461088850-1358"
"CN=Service R1 Account
Patch,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-PATCH","S-1-5-21-2443120089-1027212684-2461088850-1359"
"CN=Service R1 Account MOM Action
Account,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOMACTACC","S-1-5-21-2443120089-1027212684-2461088850-1360"
"CN=Service R1 Account MOM DAS
Account,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOMDASACC","S-1-5-21-2443120089-1027212684-2461088850-1361"
"CN=Service R1 Account MOM SDK
Account,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOMSDKACC","S-1-5-21-2443120089-1027212684-2461088850-1362"
"CN=Service R1 Account MOSS
Engine,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOSSENGINE","S-1-5-21-2443120089-1027212684-2461088850-1363"
"CN=Service R1 Account MOSS
Search,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOSSSEARCH","S-1-5-21-2443120089-1027212684-2461088850-1364"
"CN=Service R1 Account MOSS Crawl And
Index,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOSSCRAWLIDX","S-1-5-21-2443120089-1027212684-2461088850-1365"
"CN=Service R1 Account MOSS AppPoolID and
SiteWebApp,OU=SvcAccounts,OU=Org-ITMgmt,DC=ADCORP,DC=LAB","SVCR1-MOSSAPPIDWEB","S-1-5-21-2443120089-1027212684-2461088850-1366"

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Identity & Access - Directory Services #

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
 
R

Roger Abell [MVP]

Did you see any indication that this is a domain ??

Roger

"Jorge de Almeida Pinto [MVP - DS]"
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Users/Groups - Sids/Guids. 1
List SIDs ... 1
partial and full SIDs in gpo's? 4
SIDs instead of the user friendly names 5
What happens with SIDs in Migration? 5
sidHistory and token sizes 1
SIDs? 2
Resolving Sids to friendly names 4

Top