【问题标题】:How can I obtain an Active Directory Group name from a SQL Server stored SID?如何从 SQL Server 存储的 SID 获取 Active Directory 组名称?
【发布时间】:2011-10-13 12:01:06
【问题描述】:

这是我今天早上早些时候提出的一个问题 (posted here) 的后续问题。按照提供的说明,我设法查询我的 SQL Server 2000 数据库以查找与 AD 组关联的 SID。然而,SID 看起来像这样:

0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567

如何获取 SID 引用的 AD 组的名称?我试过用谷歌搜索 PowerShell 脚本,但是,他们的大多数 SID 示例如下所示:

S-1-5-21-1454471165-1004335555-1606985555-5555

显然,这看起来不像我从 SQL Server 获得的值。我该怎么做?

【问题讨论】:

    标签: sql-server security powershell active-directory sql-server-2000


    【解决方案1】:

    如果您正在使用适用于 SQL 2000 的 sqlps(SQL Powershell 主机)(我已经在我的 2000 实例上对此进行了测试),您可以使用:

    $query = @"
    select sid from syslogins where isntgroup = 1
    AND name = 'CONTOSO\mylogin'
    "@
    
    invoke-sqlcmd -ServerInstance "myserver" -Database master -Query $query | 
    foreach {$SID = new-object security.principal.securityidentifier($_.SID,0); $SID.translate([system.security.principal.NTAccount]) }
    

    【讨论】:

      【解决方案2】:

      对于那些没有 sqlps 的人: 使用这个在线 C# shell 将单个 sid 格式化为文本

      http://rextester.com/AFAC13570

      代码备份:

      //Rextester.Program.Main is the entry point for your code. Don't change it.
      //Compiler version 4.0.30319.17929 for Microsoft (R) .NET Framework 4.5
      
      using System;
      using System.Collections.Generic;
      using System.Linq;
      using System.Text.RegularExpressions;
      using System.Text;
      using System.Runtime.Remoting.Metadata.W3cXsd2001;
      
      namespace Rextester
      {
          public class Program
          {
      
              public static string ConvertByteToStringSid(Byte[] sidBytes)
              {
      
                  StringBuilder strSid = new StringBuilder();
                  strSid.Append("S-");
      
                  // Add SID revision.
                  strSid.Append(sidBytes[0].ToString());
                  // Next six bytes are SID authority value.
                  if (sidBytes[6] != 0 || sidBytes[5] != 0)
                  {
                      string strAuth = String.Format
                      ("0x{0:2x}{1:2x}{2:2x}{3:2x}{4:2x}{5:2x}",
                      (Int16)sidBytes[1],
                      (Int16)sidBytes[2],
                      (Int16)sidBytes[3],
                      (Int16)sidBytes[4],
                      (Int16)sidBytes[5],
                      (Int16)sidBytes[6]);
                      strSid.Append("-");
                      strSid.Append(strAuth);
                  }
                  else
                  {
                      Int64 iVal = (Int32)(sidBytes[1]) +
                      (Int32)(sidBytes[2] << 8) +
                      (Int32)(sidBytes[3] << 16) +
                      (Int32)(sidBytes[4] << 24);
                      strSid.Append("-");
                      strSid.Append(iVal.ToString());
                  }
      
                  // Get sub authority count...
                  int iSubCount = Convert.ToInt32(sidBytes[7]);
                  int idxAuth = 0;
                  for (int i = 0; i < iSubCount; i++)
                  {
                      idxAuth = 8 + i * 4;
      
                      if (idxAuth >= sidBytes.Length)
                      {
                          Console.WriteLine("OK :old NT account");
                          return strSid.ToString();
                      }
      
                      UInt32 iSubAuth = BitConverter.ToUInt32(sidBytes, idxAuth);
                      strSid.Append("-");
                      strSid.Append(iSubAuth.ToString());
                  }
                  return strSid.ToString();
              } 
      
              public static void Main(string[] args)
              {
                  //Your code goes here
                  Console.WriteLine(
                      ConvertByteToStringSid(
                          SoapHexBinary.Parse(
                              "0x01050000000000051500000079542007311FAE6D096510145E540300".Substring(2)
                          ).Value
                      )
                  );
              }
          }
      }
      

      学分:

      https://www.sqlservercentral.com/Forums/FindPost1322822.aspx

      How do you convert Byte Array to Hexadecimal String, and vice versa?

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2011-08-16
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多