stamandster Posted March 24, 2021 Share Posted March 24, 2021 Hi All, Trying to pull the objectSid from a security group and getting nothing, no matter what I try. Is this even possible with the AD UDF? Normal accounts seem to work fine. Any suggestions would be appreciated. Link to comment Share on other sites More sharing options...
water Posted March 24, 2021 Share Posted March 24, 2021 We need more information! Which function do you use to extract this information? My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
stamandster Posted March 24, 2021 Author Share Posted March 24, 2021 (edited) @water Sorry about that! I'm attempting to use _AD_GetObjectAttribute(<SecurityGroup>,"objectSid") and it's not pulling the info (using sAMAccountName). Doesn't seem to work either when using FQDN (for me at least). Edited March 24, 2021 by stamandster Link to comment Share on other sites More sharing options...
water Posted March 24, 2021 Share Posted March 24, 2021 If @error = 0 then it grabs the infomation but doesn't translate it to a readable form. Use _AD_GetObjectProperties. My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
stamandster Posted March 24, 2021 Author Share Posted March 24, 2021 Thanks @water That seemed to work for the domain my own account is authenticated to. When I use _AD_Open and choose another domain in the forest, and a server to query, it isn't pulling the same information. Any tips? Link to comment Share on other sites More sharing options...
water Posted March 24, 2021 Share Posted March 24, 2021 So you expect the "objectSid" for the "SecurityGroup" to be the same for different domains? The AD UDF just queries the DC using LDAP and displays the returned result. If the function does not return and error then the result you get is the "correct" result. Or can you link us to a source where we can get more information about how AD handles those SIDs in domains and forests? My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
water Posted March 24, 2021 Share Posted March 24, 2021 https://docs.microsoft.com/en-us/windows/win32/ad/how-security-groups-are-used-in-access-control "The security identifier (SID) is the object identifier of the user or security group when the user or group is used for security purposes. The name of the user or group is not used as the unique identifier within the system. The SID is stored in the objectSid attribute of user objects and security group objects. The Active Directory server generates the objectSid when the user or group is created. The system ensures that the SIDs are unique across a forest. Be aware that the objectGuid is the unique identifier of a user, group, or any other directory object. The SID changes if a user or group is moved to another domain; the objectGuid remains the same." My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
stamandster Posted March 24, 2021 Author Share Posted March 24, 2021 @water No I'm not expecting anything to be the same. I'm just simply looking to query a specific attribute in another domain in the forest for a group I specify. Just the same as I can lookup an attribute in my current domain for a group. Link to comment Share on other sites More sharing options...
water Posted March 24, 2021 Share Posted March 24, 2021 2 hours ago, stamandster said: When I use _AD_Open and choose another domain in the forest, and a server to query, it isn't pulling the same information. Can you please post the code you use, the result you get and the result you expect? My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now