我需要在C#中获取机器SID(不是计算机帐户的SID)。计算机被指定为主机名,它不一定是本地计算机,它可以是域计算机或工作组计算机。我使用这个帮助器类来调用LookupAccountName API函数:
private static class Helper
{
internal enum SID_NAME_USE
{
SidTypeUser = 1,
SidTypeGroup,
SidTypeDomain,
SidTypeAlias,
SidTypeWellKnownGroup,
SidTypeDeletedAccount,
SidTypeInvalid,
SidTypeUnknown,
SidTypeComputer
}
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool LookupAccountName(
string systemName,
string accountName,
byte[] sid,
ref int sidLen,
System.Text.StringBuilder domainName,
ref int domainNameLen,
out SID_NAME_USE peUse);
public static SecurityIdentifier LookupAccountName(
string systemName,
string accountName,
out string strDomainName,
out SID_NAME_USE accountType)
{
const int ERROR_INSUFFICIENT_BUFFER = 122;
int lSidSize = 0;
int lDomainNameSize = 0;
//First get the required buffer sizes for SID and domain name.
LookupAccountName(systemName,
accountName,
null,
ref lSidSize,
null,
ref lDomainNameSize,
out accountType);
if (Marshal.GetLastWin32Error() == ERROR_INSUFFICIENT_BUFFER)
{
//Allocate the buffers with actual sizes that are required
//for SID and domain name.
byte[] sid = new byte[lSidSize];
var sbDomainName = new System.Text.StringBuilder(lDomainNameSize);
if (LookupAccountName(systemName,
accountName,
sid,
ref lSidSize,
sbDomainName,
ref lDomainNameSize,
out accountType))
{
strDomainName = sbDomainName.ToString();
return new SecurityIdentifier(sid, 0);
}
}
throw new Win32Exception();
}
}
并像这样使用它:
Helper.SID_NAME_USE accountType;
string refDomain;
SecurityIdentifier sid = Helper.LookupAccountName("falcon.mydomain.local", "falcon", out refDomain, out accountType); //Domain computer
SecurityIdentifier sid = Helper.LookupAccountName("rat", "rat", out refDomain, out accountType); //Workgroup computer
我唯一的问题是,如果计算机是主域控制器(在这种情况下我需要获取域SID),这不起作用。
答案 0 :(得分:2)
对于大多数计算机来说,您可以执行以下操作:
LookupAccountName(“”,“ComputerName”,...); ConvertSidToStringSid(...)
但是对于域控制器,您必须在计算机名称参数中添加美元符号,然后删除返回的SID中的最后一个段。