使用ADODB检索AD SID会返回不正确的SID

时间:2014-11-18 14:58:24

标签: vbscript active-directory ldap

我有一个在登录时运行的脚本来执行一些配置文件操作,并且它返回了错误的SID。当使用PowerShell执行相同操作时,我会获得正确的SID。我现在一直在研究一天,但似乎无法确定此脚本的哪一部分会导致返回错误的SID。

这可能是域基础设施的问题吗?

鉴于下面有一个好的SAM,我得到了一个好的SID返回,但它不是正确的SID。此用户对象没有SID历史记录,因此我很难理解为什么我收到了错误的SID。

'* Build LDAP query to lookup user
Set rootDSE = GetObject("LDAP://RootDSE")
base  = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
'* Filter on user objects with the given account name
fltr  = "(&(objectClass=user)(objectCategory=Person)" & _
        "(sAMAccountName=" & strSamAccountName & "))"
'* Add other attributes according to your requirements
attr  = "distinguishedName,sAMAccountName,objectSid,userPrincipalName"
scope = "subtree"
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = base & ";" & fltr & ";" & attr & ";" & scope
outFile.WriteLine("Command Text" & cmd.CommandText)
outFile.WriteLine()

'* Retrieve SID from user object, convert to decimal and hex values
Set rs = cmd.Execute
Do Until rs.EOF
  arrSid = rs.Fields("objectSid").Value
  strSidHex = OctetToHexStr(arrSid) 
  strSidDec = HexStrToDecStr(strSidHex) 
  'strUPN = rs.Fields("userPrincipalName").Value
  Dim objTranslator
  Set objTranslator = CreateObject("NameTranslate")
  objTranslator.Init 3, ""
  objTranslator.Set 3, strUPN
  strGUID = objTranslator.Get(7)
  outFile.WriteLine("DN:  " & rs.Fields("distinguishedName").Value)
  outFile.WriteLine("SID: " & strSidDec)
  outFile.WriteLine("UPN: " & rs.Fields("userPrincipalName").Value)
  outFile.WriteLine()
  rs.MoveNext
Loop
rs.Close
conn.Close

'* Function to convert OctetString (byte array) to Hex string. 
Function OctetToHexStr(arrbytOctet) 
  Dim k 
  OctetToHexStr = "" 
  For k = 1 To Lenb(arrbytOctet) 
  OctetToHexStr = OctetToHexStr _ 
  & Right("0" & Hex(Ascb(Midb(arrbytOctet, k, 1))), 2) 
  Next 
End Function 

'* Function to convert hex Sid to decimal (SDDL) Sid. 
Function HexStrToDecStr(strSid) 
  Dim arrbytSid, lngTemp, j 
  ReDim arrbytSid(Len(strSid)/2 - 1) 
  For j = 0 To UBound(arrbytSid) 
    arrbytSid(j) = CInt("&H" & Mid(strSid, 2*j + 1, 2)) 
  Next 
  HexStrToDecStr = "S-" & arrbytSid(0) & "-" _ 
  & arrbytSid(1) & "-" & arrbytSid(8) 
  lngTemp = arrbytSid(15) 
  lngTemp = lngTemp * 256 + arrbytSid(14) 
  lngTemp = lngTemp * 256 + arrbytSid(13) 
  lngTemp = lngTemp * 256 + arrbytSid(12) 
  HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp) 
  lngTemp = arrbytSid(19) 
  lngTemp = lngTemp * 256 + arrbytSid(18) 
  lngTemp = lngTemp * 256 + arrbytSid(17) 
  lngTemp = lngTemp * 256 + arrbytSid(16) 
  HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp) 
  lngTemp = arrbytSid(23) 
  lngTemp = lngTemp * 256 + arrbytSid(22) 
  lngTemp = lngTemp * 256 + arrbytSid(21) 
  lngTemp = lngTemp * 256 + arrbytSid(20) 
  HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp) 
  lngTemp = arrbytSid(25) 
  lngTemp = lngTemp * 256 + arrbytSid(24) 
  HexStrToDecStr = HexStrToDecStr & "-" & CStr(lngTemp) 
End Function

1 个答案:

答案 0 :(得分:1)

您的函数HexToDecStr()假定二进制SID总是26个字节长。那isn't necessarily true。试试这个:

Function DecodeSID(binSID)
  Dim i, sid

  ReDim bytes(LenB(binSID))
  For i = 1 To LenB(binSID)
    bytes(i-1) = AscB(MidB(binSID, i, 1))
  Next

  sid = "S-" & CStr(bytes(0)) & "-" & _
        Arr2Str(Array(bytes(2), bytes(3), bytes(4), bytes(5), bytes(6), bytes(7)))
  For i = 8 To (4 * bytes(1) + 4) Step 4
    sid = sid & "-" & Arr2Str(Array(bytes(i+3), bytes(i+2), bytes(i+1), bytes(i)))
  Next

  DecodeSID = sid
End Function

Function Arr2Str(arr)
  Dim i, v

  v = 0
  For i = 0 To UBound(arr)
    v = v * 256 + arr(i)
  Next

  Arr2Str = CStr(v)
End Function
相关问题
最新问题