Inspiring
October 22, 2008
Question

Extracting ObjectSID from LDAP query

I'm using CFLDAP in CF MX7 to retrieve sAMAccountName, DisplayName and ObjectSID from a Windows 2003 server. I'm logging in as Administrator to do this.

ObjectSIDs get returned as binary values, which I am able to convert to strings via CharsetEncode with encoding us-ascii. But these strings look nothing like what I'm expecting: strings of the form S-x-yyyy-......

Is this because the binary values getting returned are encrypted? If so, is there any way to decrypt them? If not, does anyone know how else I can retrieve the actual ObjectSID values in the form S-x-yyyy-.....?

4 replies

Inspiring
October 23, 2008
Which I'm now in the process of doing. Thank you for all of your help.
Participating Frequently
October 23, 2008
My guess is you need to substring that value and build it, manually.
Inspiring
October 23, 2008
This works perfectly; thank you.....

Except for one thing: It returns

ObjectSID (Binary Value converted to Hex) 0105000000000005150000000703FBC41125E21C37690BF7F4010000

and I need to convert that to S-x-yyyyy-zzzz-......

This is what has been throwing me. Where do I go from here?
Participating Frequently
October 22, 2008
First, you will need the "returnAsBinary" attribute of CFLDAP.

Then, read this:

http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:46529

And look at this:

http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=705
Inspiring
October 23, 2008
Thanks for the information.

Unfortunately, though it gives me some avenues of investigation, this stuff is WAY beyond my pay grade, so please bear with me.

First, I have been retrieving ObjectSID as binary, so that is not an issue. The references indicate that I must manipulate that binary data somehow -- but it looks like the manipulation shown is unique to the format of GUID, not ObjectSID. Surely that changes the manipulation I'll be required to do?

Second (and related to the first): it appears that I have to process each array element into a corresponding set of decimal (not hex) digits (I THINK the substrings in ObjectSID are always decimal, except for the initial 'S'?). I don't understand the processing methodology in the example: why does the code consider only the rightmost 2 characters of each array element?

As you can see, I'm a total novice at working with binary data. Any additional info would be greatly appreciated.
Participating Frequently
October 23, 2008
The attached code is a working example of how I retrieve binary, and other, data from Active Directory. This code is for debugging or quick dumps of a person's account.

Make sure to change your server, domain, username and password values before running the code.
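
The hex value quoted earlier in the thread follows the standard binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte big-endian identifier authority, then 32-bit little-endian sub-authorities); it is structured binary data, not encrypted text. The Python below is an added example, not code from the thread or from any of the linked pages; the function names are hypothetical, and the same byte arithmetic can be ported to CFML.

```python
import struct

# Hex dump of the objectSid value quoted in the thread above.
THREAD_SID_HEX = "0105000000000005150000000703FBC41125E21C37690BF7F4010000"


def sid_to_string(raw: bytes) -> str:
    """Convert a binary SID (as returned in LDAP objectSid) to S-R-A-S1-S2... form."""
    if len(raw) < 8:
        raise ValueError("SID too short: need at least the 8-byte header")
    revision, sub_count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if sub_count > 15:
        raise ValueError(f"sub-authority count {sub_count} exceeds the maximum of 15")
    expected = 8 + 4 * sub_count
    if len(raw) != expected:
        raise ValueError(f"length {len(raw)} does not match header (expected {expected})")

    # Identifier authority: 6 bytes, big-endian (most significant byte first).
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: unsigned 32-bit integers, little-endian, so the bytes
    # F4 01 00 00 decode to 0x000001F4 = 500.
    subs = struct.unpack(f"<{sub_count}I", raw[8:])

    # Authorities that do not fit in 32 bits are written in hex in the string form.
    auth_text = str(authority) if authority < 2**32 else f"0x{authority:012X}"
    return "-".join(["S", str(revision), auth_text, *map(str, subs)])


def sid_hex_to_string(hex_text: str) -> str:
    """Same conversion, starting from a hex dump such as the one in the thread."""
    return sid_to_string(bytes.fromhex(hex_text))


if __name__ == "__main__":
    print(sid_hex_to_string(THREAD_SID_HEX))
```

The length and count checks matter when the value comes from an untrusted directory or a truncated attribute: a header that claims more sub-authorities than the buffer holds is rejected instead of being read past its end.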