Accessing Foreign Security Principals

后端未结

关注

 2  1547

灰色年华 2021-01-15 01:06

Searching for the user michael@mycontoso.com with the objectSid S-1-5-21-1234567890-123465789-123456789-123456, I only find a Foreign Security Prin

2条回答

星月不相逢 (楼主)

2021-01-15 02:01
You may try to retrieve the msDS-PrincipalName:
```
ldapsearch  -b "CN=ForeignSecurityPrincipals,DC=contoso,DC=com" "CN=S-1-5-21-1234567890-123465789-123456789-123456" msDS-PrincipalName
```
FOO\michael@mycontoso.com

Otherwise, the approach is as https://stackoverflow.com/a/27038494/10408280 describes:
1. Retrieve Domain identifier from first part of SID
2. Perform a lookup against that domain for the SID of the user or by sAMAccountName
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...