Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Retrieve current user SID with vbscript?

475 views
Skip to first unread message

Richard Roche

unread,
Jun 23, 2003, 1:20:39 PM6/23/03
to
I have been unable to retrieve the current user SID using vbscript. I
assume one needs to use the WMI service to do this. Any help with this
apparently easy question would be appreciated.

Richard


Richard Mueller [MVP]

unread,
Jun 23, 2003, 1:26:17 PM6/23/03
to
Richard Roche wrote:

Hi,

You can bind to the user object and retrieve the objectSid attribute. This
is an OctetString (byte array), but VBScript can convert this to a hex
string. For example:

Option Explicit
Dim objUser, objSysInfo

Set objSysInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objSysInfo.UserName)
Wscript.Echo "User SID = " & OctetToHexStr(objUser.objectSid)

Function OctetToHexStr(arrbytOctet)
' Function to convert OctetString (byte array) to Hex string.

Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
Next
End Function

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--


Richard Roche

unread,
Jun 23, 2003, 2:03:35 PM6/23/03
to
Thanks for the prompt reply Richard. I'm not a Domain Admin and will need
access to current User SIDs locally as they are outside my OU. Can I do
some kind of

...ExecQuery("Select SID from Win32_UserAccount where ....

and plug in the UserName field from Wscript.Network CreateObject?

Thanks.


"Richard Mueller [MVP]" <rlmu...@ameritech.net> wrote in message
news:%23jl2i6a...@TK2MSFTNGP11.phx.gbl...

Richard Roche

unread,
Jun 26, 2003, 5:58:32 PM6/26/03
to
Hi Richard:
I finally did have success with this....
Set objNetwork = WScript.CreateObject("Wscript.Network")
strUser = objNetwork.UserName
Set SIDs = objWMIService.ExecQuery("Select SID from Win32_UserAccount _
where Name='" & "" & strUser & "'",,48)

However, this is taking 10-15 seconds to return the SID so I definitely need
something faster. I'm trying your script now, and I receive the SID in hex
format. (Thanks for the help by the way...). How can I get the SID in the
S-1-5-21-.... format as it appears in the registry key name?

Thanks,
Richard


"Richard Mueller [MVP]" <rlmu...@ameritech.net> wrote in message
news:%23jl2i6a...@TK2MSFTNGP11.phx.gbl...

Richard Mueller [MVP]

unread,
Jun 30, 2003, 1:03:24 PM6/30/03
to
Hi,

I never had a need to do this, but it occurs to me this might help specify
trustees in ACL's. The code to allow or disallow a user to change their own
password, for example, only works in English because you specify trustees
like "Everyone" and "Self" that don't exist in other languages. I guess it
would also help in locating profiles on the local workstation. In any case,
here is a first attempt. I'm sure it can be improved. It mostly proves that
it can be done in VBScript without resorting to API's or ADsSecurity.dll.
More work is needed to handle the different "flavors" of Sid strings, such
as builtin (well known) accounts. The following works for normal user
accounts in my AD. You can see how the sections of the Sid are built from
specific bytes of the hex string. Also notice that the hex bytes are
transposed to convert to decimal (the highest order byte is right-most).

Option Explicit
Dim strSid, objUser

Set objUser = GetObject("LDAP://cn=TestUser,ou=Sales,dc=MyDomain,dc=com")
strSid = OctetToHexStr(objUser.objectSid)

Wscript.Echo HexStrToSidStr(strSid)

Function HexStrToSidStr(strSid)
Dim arrbytSid, lngTemp, j

ReDim arrbytSid(Len(strSid)/2 - 1)
For j = 0 To UBound(arrbytSid)
arrbytSid(j) = CInt("&H" & Mid(strSid, 2*j + 1, 2))
Next

HexStrToSidStr = "S-" & arrbytSid(0) & "-" _
& arrbytSid(1) & "-" & arrbytSid(8)

lngTemp = arrbytSid(15)
lngTemp = lngTemp * 256 + arrbytSid(14)
lngTemp = lngTemp * 256 + arrbytSid(13)
lngTemp = lngTemp * 256 + arrbytSid(12)

HexStrToSidStr = HexStrToSidStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(19)
lngTemp = lngTemp * 256 + arrbytSid(18)
lngTemp = lngTemp * 256 + arrbytSid(17)
lngTemp = lngTemp * 256 + arrbytSid(16)

HexStrToSidStr = HexStrToSidStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(23)
lngTemp = lngTemp * 256 + arrbytSid(22)
lngTemp = lngTemp * 256 + arrbytSid(21)
lngTemp = lngTemp * 256 + arrbytSid(20)

HexStrToSidStr = HexStrToSidStr & "-" & CStr(lngTemp)

lngTemp = arrbytSid(25)
lngTemp = lngTemp * 256 + arrbytSid(24)

HexStrToSidStr = HexStrToSidStr & "-" & CStr(lngTemp)

End Function

Function OctetToHexStr(arrbytOctet)
' Function to convert OctetString (byte array) to Hex string.

Dim k
OctetToHexStr = ""
For k = 1 To Lenb(arrbytOctet)
OctetToHexStr = OctetToHexStr _
& Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2)
Next
End Function

For techniques using ADsSecurity.dll, see Microsoft KB articles 297951 and
286182.

--
Richard
Microsoft MVP Scripting and ADSI
http://www.rlmueller.net
--

"Richard Roche" <nik...@msu.edu> wrote in message
news:e#FQZ4CPD...@TK2MSFTNGP10.phx.gbl...

0 new messages