1

I found following page with documentation: http://support.microsoft.com/kb/243330. Now there is a mysterious domain string in SID. I understand that when I want to use this sid with this mysterious string I should replace it with a correct domain SID. The question is where can I find this domain SID that I can put into the SID for system administrator (for example) in order to be able to check some rights later.

SID example: S-1-5-21domain-500.

This domain identifier probably should be in xxxxxxxxxx-xxxxxxxxx-xxxxxxxxx format.

Nixphoe
  • 4,524
  • 7
  • 32
  • 51
Darqer
  • 299
  • 1
  • 2
  • 10

2 Answers2

1

Look up the SID for the domain controller. DCs do not have local machine SIDs.

getsid \\server1 account \\server2 account

getsid is intended to compare SIDs so you have to provide two of them.

See http://strongline.blogspot.com/2005/08/local-computer-sid-domain-sid-and.html

Jeffrey Hulten
  • 370
  • 1
  • 5
0

You're still not being very clear. What tool are you using? What option are you trying to change and where is it? The S-1-5-21domain-500 opiton you linked is the domain Administrator account. The Domain is the SID identifier of your domain.

Based on what I think you're asking, I think this is what you're looking for.

Start > Run > adsiedit.msc and go to Default naming context > OU > CN=Users. Find your CN=Administrator account, right click and go to properties. Find the objectSid. You can see that it matches what the description says.

That will give you the SID. Now why you would need that, I'm not sure, but I really hope you don't change anything in ADSI.

Nixphoe
  • 4,524
  • 7
  • 32
  • 51
  • That was something I was searching for, I can even get directly this domain SID when I look at the properties of the domain and locate 'object SID'. Thank you very much. – Darqer Jul 11 '11 at 20:41