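/// <summary>
/// Builds the SID of a domain-relative well-known account by appending the
/// account's relative identifier (RID) to the string form of
/// <paramref name="domainSid"/>.
/// </summary>
/// <param name="sidType">
/// Well-known account to build. Only <c>AccountComputersSid</c> (RID 515) and
/// <c>AccountDomainUsersSid</c> (RID 513) are mapped; see the note on the
/// default branch for every other value.
/// </param>
/// <param name="domainSid">SID of the domain the account belongs to.</param>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="domainSid"/> is null.
/// </exception>
public SecurityIdentifier(WellKnownSidType sidType, SecurityIdentifier domainSid)
{
    // ReferenceEquals avoids any user-defined == operator on this type.
    if (object.ReferenceEquals(domainSid, null))
    {
        throw new System.ArgumentNullException("domainSid");
    }

    string domainSidValue = domainSid.Value;

    switch (sidType)
    {
        case WellKnownSidType.AccountComputersSid:
            // Domain Computers group: <domain SID>-515
            _sidStr = string.Concat(domainSidValue, "-515");
            break;

        case WellKnownSidType.AccountDomainUsersSid:
            // Domain Users group: <domain SID>-513
            _sidStr = string.Concat(domainSidValue, "-513");
            break;

        default:
            // TODO: no RID is appended for any other sidType, so the resulting
            // object carries the bare domain SID rather than the requested
            // account's SID. NOTE(review): callers that compare or store this
            // SID for access decisions should not rely on it for unmapped types
            // until the remaining RIDs are implemented.
            _sidStr = domainSidValue;
            break;
    }

    _AccountDomainSid = domainSidValue;

    // The binary form is derived by StringToBytes() after _sidStr is assigned;
    // presumably it reads _sidStr, so the order of these statements is kept.
    _sidbytes = this.StringToBytes();
    _bytelength = _sidbytes.Length;
}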
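/// <summary>
/// Checks whether an object with the given SID can be found, searching the
/// global catalog when one is reachable and falling back to a subtree search
/// of the <paramref name="contextSystem"/> domain otherwise.
/// </summary>
/// <param name="contextSystem">DNS name of the domain used as search context (for example <c>corp.example.com</c>).</param>
/// <param name="abSID">Binary SID to look up.</param>
/// <param name="sbDomain">Receives <paramref name="contextSystem"/> appended to it when a match is found.</param>
/// <returns><c>true</c> when the search returns an entry; otherwise <c>false</c>.</returns>
/// <exception cref="System.ArgumentNullException"><paramref name="contextSystem"/> is null.</exception>
public static bool LookUpAcctSid(string contextSystem, byte[] abSID, StringBuilder sbDomain)
{
    if (contextSystem == null)
    {
        throw new System.ArgumentNullException("contextSystem");
    }

    SecurityIdentifier sid = new SecurityIdentifier(abSID, 0);

    // DNS names are not culture-sensitive; an invariant lower-casing keeps the
    // host name stable under cultures with special casing rules (e.g. tr-TR).
    string domainName = contextSystem.ToLowerInvariant();

    // "corp.example.com" -> "DC=corp,DC=example,DC=com"
    string domainDn = string.Concat("DC=", string.Join(",DC=", contextSystem.Split('.')));

    // Workaround to obtain the credentials needed to establish a GC directory context [Wei].
    // NOTE(review): the password is held in a plain string for the lifetime of
    // this call; keep it out of logs and exception messages.
    string username;
    string password;
    DirectoryEntry.ObtainCreds(out username, out password, domainName);

    GlobalCatalog gc = GlobalCatalog.GetGlobalCatalog(
        new System.DirectoryServices.ActiveDirectory.DirectoryContext(
            DirectoryContextType.Domain, domainName, username, password));

    // Only the string form of the parsed SID is placed in the filter.
    // NOTE(review): presumably ToString() yields the canonical "S-1-..." form;
    // if this value is ever replaced by caller-supplied text it must be
    // escaped per RFC 4515 before being concatenated into an LDAP filter.
    string filter = string.Concat("(objectSid=", sid.ToString(), ")");

    DirectorySearcher searcher;
    if (gc == null)
    {
        // Cannot talk to the GC: search the context domain directly.
        // NOTE(review): this entry is created without the username/password
        // obtained above - confirm which identity the fallback bind uses.
        string contextLdapPath = string.Concat("LDAP://", domainName, "/", domainDn);
        DirectoryEntry context = new DirectoryEntry(contextLdapPath);
        searcher = new DirectorySearcher(context, filter);
    }
    else
    {
        // Search in the GC.
        searcher = gc.GetDirectorySearcher();
        searcher.Filter = filter;
    }

    searcher.SearchScope = SearchScope.Subtree;

    if (searcher.FindOne() == null)
    {
        return false;
    }

    // NOTE(review): contextSystem is reported as the domain for any hit. If the
    // GC search can match objects outside contextSystem, the reported domain
    // may not be the domain that actually owns the SID - verify before using
    // this value for authorization or display.
    sbDomain.Append(contextSystem);
    return true;
}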