FindSID For Domain Controllers

Posted byJustin Roeder Leave a comment on FindSID For Domain Controllers

This tool is a great tool to have for network administrators and people

who use domain controllers or active directory. It allows you to lookup

the SID to and from users accounts,computers,groups and more. It will

tell you if that object has been deleted. You can use it on computers

when the computer is having problems accessing the domain. It will give

you a nice error message about accessing(if any error occurs). Try our

example batch file that opens the tool up to get the SID from the

SYSTEM account. This tool I believe should work on non-administrator

accounts. This tool is an OK tool for anyone at your working place can

use. This tool doesnt hack, it just gives information on the account

being looked up.

 

for example lets say you want to lookup the account dmack from the

domain PTHS. To do so you can call the following commands

 

findsid null PTHS\dmack

findsid null dmack

 

The first one tells it to always use the domain PTHS and the second one

checks the computer running findsid for it, and if it can’t find it, it

will check the domain that the computer is part of. And by having the

first parameter set to the word null it will have the systemname

pointer(memory address in programming) set to nil on the lookup API

commands so it will search for it the default way otherwise the first

parameter is a IP address or hostname of a domain controller.

 

How to find a certain user registry key under HKEY_USERS?

In registry editor under the HKEY_USERS there is subkeys named by their

SID just replace SID_HERE with the SID you would like to lookup.

 

findsid null SID_HERE /SID

 

By adding /SID as the last parameter will tell the object name isn’t a

name it’s a SID of a object you want to lookup.

 

What to do when a computer is having problems accessing the domain

controller?

 

You would open findsid from the command prompt, using the follow command

where PTHSDC is the server name of the domain controller and akrause is

a user account, it doesnt have to be a user account, it can be a user

account,usergroup or computername that is part of that domain.

 

So the command in this example will look like

 

findsid PTHSDC PTHS\akrause

 

if the domain controller is working it should give you information about

the object akrause. Otherwise you may get an error like this:

 

LookupErr:The RPC server is unavailable

ConvertSidToStr:The security ID structure is invalid

program findsid;
{$APPTYPE Console}
{$RESOURCE findsid32.res}
uses
  SysUtils,
  windows,
  Classes;

function ConvertSidToStringSidA(sid:pointer;var lpStr:pchar):bool;stdcall;
external 'advapi32.dll';
function ConvertStringSidToSidA(lpStr:pchar;var sid:pointer):bool;stdcall;
external 'advapi32.dll';

var sidarray:array[0..2048]of byte;
lookuperror,cbSid,cbDomain,cbaccount,siduse:dword;
sidtype:string;
b:boolean;
sid:pointer;
domain,account:array[0..255]of char;
i:integer;
paccount:pchar;
begin
cbsid:=2049;
cbaccount:=256;
cbdomain:=256;
sid:=@sidarray;
if paramcount=0then
begin
writeln('This tool looks up a SID from a server and account name');
writeln('Usage: ',ExtractFilename(paramstr(0)),' servername account [/SID]');
writeln('Commandline switch /SID means that the account is a SID instead of a account name');
writeln('You can type NULL for the default servername');
exitprocess(0);
end;
if stricomp(pchar(paramstr(3)),'/SID')=0 then begin
if not convertstringsidtosidA(pchar(Paramstr(2)),sid)then begin
writeln('ConvertStrToSid:',Syserrormessage(getlasterror));
exitprocess(getlasterror);
end;
if stricomp(pchar(paramstr(1)),'NULL')=0 then
b:=lookupaccountsid(nil,sid,account,cbaccount,domain,cbdomain,siduse) else
b:=lookupaccountsid(pchar(paramstr(1)),sid,account,cbaccount,domain,cbdomain,siduse);
lookuperror:=getlasterror;
convertsidtostringsida(sid,paccount);
end else begin
if stricomp(pchar(paramstr(1)),'NULL')=0then
b:=lookupaccountname(nil,pchar(paramstr(2)),@sidarray,cbSid,domain,cbdomain,siduse)else
b:=lookupaccountname(pchar(paramstr(1)),pchar(paramstr(2)),@sidarray,cbSid,
domain,cbdomain,siduse);
lookuperror:=getlasterror;
if not ConvertSidToStringSidA(@sidarray,paccount) then begin
writeln('LookupErr:',syserrormessage(lookuperror));
writeln('ConvertSidToStr:',SysErrorMessage(getlasterror));
exitprocess(getlasterror);
end;
end;
if not b then begin
writeln('LookupErr:',syserrormessage(getlasterror));
exitprocess(getlasterror);
end;
case siduse of
SidTypeUser:sidtype:='User';
sidtypegroup:sidtype:='Group';
sidtypealias:sidtype:='Alias';
sidtypewellknowngroup:sidtype:='Well Known Group';
sidtypedeletedaccount:Sidtype:='Deleted Account';
sidtypeinvalid:sidtype:='Invalid Object';
sidtypeunknown:sidtype:='Unknown Object';
9:sidtype:='Computer';
10:sidtype:='Label';
else sidtype:='Unknown '+inttostr(siduse);
end;
if strpas(account)<>''then
writeln('Object Name:',account);
writeln('Object SID:',paccount);
writeln('Object Type:',sidtype);
Writeln('Domain:',domain);
writeln('SID Size:',GetLengthSid(sid),' bytes');
copymemory(@sidarray,sid,getlengthsid(sid));
write('SID data(in hex):');
for i:=0 to getlengthsid(sid)-1 do write(Inttohex(sidarray[i],2));
exitprocess(0);
end.

All programs are virus free. Some antivirus software might say its "suspicious" or a "Potentionaly Unwanted Program". Some of them rate them on what there code looks like no matter if theres a definition in the virus database. If any of them are detected any Antivirus I will zip the software with the password "justin" j is lowercase

Published by Justin Roeder

I am an electronics engineer and computer programmer that has autism. I learned by myself

delphijustin Industries is an Autism Supported Business
Social Media Auto Publish Powered By : XYZScripts.com
All in one
Start
Amazon.com, Inc. OH Dublin
Your cart is empty.
Loading...