Discussion:
How to get the Domain-SID of the domain the computer belongs to?
smurf
2003-08-06 12:32:40 UTC
Hi all,

Who knows how to get the Domain-SID for a COMPUTER (W2K) which has a regular
computer account in a domain?
In other words: the SID of the domain in which the computer has its account?

Because I'm programming in C/C++, any snippets of code would be very helpful.

Thanks
Dave Christiansen [MS]
2003-08-07 18:39:17 UTC
If you have the account's SID, you can call GetWindowsAccountDomainSid (see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/getwindowsaccountdomainsid.asp
for details).

You can retrieve the computer account's SID by calling LookupAccountName
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/getwindowsaccountdomainsid.asp).
The computer's account name is usually the computer's NetBIOS name followed
by '$'. For example, Mymachine.Mydomain.Com's account is probably mymachine$.
--
This message is provided "AS IS" with no warranties, and confers no rights.
This message originates in the State of Washington (USA), where unsolicited
commercial email is legally actionable (see
http://www.wa.gov/ago/junkemail).
Harvesting of this address for purposes of bulk email (including "spam") is
prohibited unless by my expressed prior request. I retaliate viciously
against spammers and spam sites.
smurf
2003-08-08 09:59:02 UTC
Hello Dave,

Thank you for your suggestions, but there almost is a little problem:

The API GetWindowsAccountDomainSid is only applicable to systems whose
version is at least WinXP or WinSrv-2003.

Do you know another way which works for Win2000?

Another question is:
If the client is in offline mode (a notebook, for example), I think this
does not work, because I have to supply "LookupAccountName" with
any logon server as "system-name", or not?

But I also think the client should "know", in every mode
(online/offline), in which domain (and SID) it has its
computer account.
Is this right?

Thank you for any further suggestions.
smurf
2003-08-08 10:24:45 UTC
Hello Dave,

Thank you for your suggestions, but there is a little problem:

The API "GetWindowsAccountDomainSid" requires at least WinXP or
WinSrv-2003, but I need it for Win2000.

Another question is which computer name I have to supply to
"LookupAccountName" for the computer account (as the "System-Name" param).
I think one of the logon servers, but does it work in offline mode (a
notebook, for example)?

The client itself also has to know the domain SID for the
netlogon service, or not?

Do you know a way to query the SIDs directly from the client without
sending a request to any logon server?

Thank you for any further suggestions.
Dave Christiansen [MS]
2003-08-08 21:11:02 UTC
Ahh, OK. Another (probably better) way to do this would be to use
LsaQueryInformationPolicy with PolicyDnsDomainInformation. This will return
a POLICY_PRIMARY_DOMAIN_INFO structure containing the domain's name and SID.

See
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/lsaqueryinformationpolicy.asp
for LsaQueryInformationPolicy and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/policy_primary_domain_info.asp
for the POLICY_PRIMARY_DOMAIN_INFO structure.
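For the Win2000 case raised in the thread, where GetWindowsAccountDomainSid is unavailable, the domain SID can also be derived from an account SID directly, because domain account SIDs have the form S-1-5-21-a-b-c-RID. The following is an added example, not code from any poster in the thread: portable C that works on the binary SID layout, with function names and sample bytes constructed for illustration.

```c
/* Added example, not from the thread: domain SID from a binary account SID.
 * Function names and sample bytes are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DOMAIN_SID_LEN 24   /* 8-byte header + 4 sub-authorities */

static uint32_t le32(const uint8_t *p)   /* sub-authorities are little-endian */
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the domain part of a binary account SID into out. Returns 0 on success,
 * -1 if the input is truncated or is not of the form S-1-5-21-a-b-c[-RID]. */
int domain_sid_from_account(const uint8_t *sid, size_t len, uint8_t out[DOMAIN_SID_LEN])
{
    static const uint8_t nt_authority[6] = {0, 0, 0, 0, 0, 5};
    if (len < 8 || sid[0] != 1 || sid[1] < 4 || sid[1] > 15) return -1;
    if (len < 8 + 4u * sid[1]) return -1;              /* truncated buffer */
    if (memcmp(sid + 2, nt_authority, 6) != 0) return -1;
    if (le32(sid + 8) != 21) return -1;                /* 21 = SECURITY_NT_NON_UNIQUE */
    memcpy(out, sid, DOMAIN_SID_LEN);
    out[1] = 4;                                        /* drop the RID */
    return 0;
}

/* Domain SID in string form, or NULL on error; uses a static buffer. */
const char *domain_sid_string(const uint8_t *sid, size_t len)
{
    static char text[64];
    uint8_t dom[DOMAIN_SID_LEN];
    if (domain_sid_from_account(sid, len, dom) != 0) return NULL;
    int off = snprintf(text, sizeof text, "S-1-5");
    for (unsigned i = 0; i < 4; i++)
        off += snprintf(text + off, sizeof text - off, "-%lu", (unsigned long)le32(dom + 8 + 4 * i));
    return text;
}

/* Constructed samples: S-1-5-21-286331153-572662306-858993459-1105 and S-1-5-18 */
static const uint8_t SAMPLE_ACCOUNT_SID[] = {1, 5, 0,0,0,0,0,5, 21,0,0,0, 0x11,0x11,0x11,0x11,
    0x22,0x22,0x22,0x22, 0x33,0x33,0x33,0x33, 0x51,0x04,0,0};
static const uint8_t SAMPLE_LOCALSYSTEM_SID[] = {1, 1, 0,0,0,0,0,5, 18,0,0,0};

int main(void)
{
    const char *s = domain_sid_string(SAMPLE_ACCOUNT_SID, sizeof SAMPLE_ACCOUNT_SID);
    return puts(s ? s : "not a domain account SID") < 0;
}
```

Well-known SIDs such as S-1-5-18 carry no domain part, so the function rejects them instead of returning a truncated value.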