如何从机器 sid 获取/查找域 sid
[英]How to get/find domain sid from machine sid
问题描述
I can get machine Sid like below:
我可以得到机器 Sid,如下所示:
var dir = new DirectoryEntry($"WinNT://{Environment.MachineName},Computer");
var objSid = dir.Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID");
var secId = new SecurityIdentifier((byte[])objSid, 0);
var machineSid = secId.AccountDomainSid.ToString();
I tried to find computer Sid from machine Sid but it is always NULL.我试图从机器 Sid 中找到计算机 Sid,但它始终是 NULL。
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, "AbcDomain", "userName", "password"))
{
var pc01 = ComputerPrincipal.FindByIdentity(principalContext, IdentityType.Sid, machineSid);
//output: pc01 = null
var pc02 = ComputerPrincipal.FindByIdentity(principalContext, IdentityType.Name, "PC-JACKML5291");
//output: pc02...
}
I want to check duplicate machine sid before calling JoinDomainOrWorkgroup .我想在调用JoinDomainOrWorkgroup之前检查重复的机器 sid。 Can I get the Computer SID (joined domain) from machine SID?我可以从机器 SID 获取计算机 SID(加入域)吗?
1 个解决方案
解决方案1
0 2020-05-29 20:32:06
The machine SID is not the same as the SID of the computer object on the domain.机器 SID 与域上计算机 object 的 SID 不同。 They are different.它们不一样。
According to this article ,根据这篇文章,
in order to assure uniqueness, the SID that Setup generates has one fixed subauthority value (21) and three randomly-generated subauthority values (the numbers following “S-1-5-21” in the output).
If you want the SID of the computer object on the domain, you will have to search for the object by the computer name.如果您想要域中计算机 object 的 SID,则必须通过计算机名称搜索 object。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.