#130337 - 2004-11-30 01:58 PM WinNT:// - Groupname from PrimaryGroupID ?
Jochen
following :

Code:

break on

$dom = "medomain"
$usr = "meaccount"

$objUsr = getobject("WinNT://" + $dom + "/" + $usr + "/,user")

$objUsr.PrimaryGroupID

get $

exit 0



returns 512, which should translate to 'Domain Admins'.
So far so good, but I haven't managed to translate this ID to a real group name, no matter what I tried

Any advice ???
:,(

#130338 - 2004-11-30 02:28 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Lonkero
hmm...
the codes I've seen do the stupid "loop and hope for the best" solution.
that is, once you got that RID, go and loop each group and see for match.

for some help, check this:
http://groups.msn.com/windowsscript/adsi.msnw?action=view_list&row=4&viewtype=2&sortstring=


Edited by Jooel (2004-11-30 02:29 PM)

#130339 - 2004-11-30 02:31 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Lonkero
on the other hand, it seems that MS is so silly that they don't even themselves realize how stupidly everything works even though they have worked out the code:
http://support.microsoft.com/kb/297951/EN-US/

#130340 - 2004-11-30 03:04 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Jochen
Thanx for the link, Lonk
haven't even thought of searching mickymouse.com for it

This is so utterly silly... what the hell would I do with a Group ID anyway ???

#130341 - 2004-11-30 04:17 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Richard H.
Funny enough I wanted to do the complete opposite, and identify certain groups (e.g. Domain Admins) where the name had been changed or the language was not English.

I created a set of routines to handle the binary data.

Using ADO to convert to / from BYTE arrays.

#130342 - 2004-11-30 04:50 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Howard Bullock
I have code on my site that does this. It is inside Win32Admin3.zip.

http://home.comcast.net/~habullock/kix_solutions.htm

#130343 - 2004-11-30 10:43 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
kholm
A small KiX-version could be

Code:
Break On

$Dom = @LDomain
$usr = 'Guest'

$oWMIService = GetObject("winmgmts:root\cimv2")
$cItems = $oWMIService.ExecQuery("Select * from Win32_Group where LocalAccount = 0 And Name = 'domain users'")
For Each $oItem In $cItems
  $SID = $oItem.SID
Next

$SID = Left($SID,InStrRev($SID,'-')) ; Keep the domain part of the SID (up to the last '-'), dropping the group's RID
$oUser = GetObject("WinNT://" + $Dom + "/"+ $usr + ",User")
$SID = $SID + $oUser.Get("primaryGroupID")

? 'Primary group name = ' + SidToName($SID)

Get $x



-Erik

#130344 - 2004-12-01 01:00 AM Re: WinNT:// - Groupname from PrimaryGroupID ?
NTDOC
Is this not able to do what you're wanting to do Jochen?

@PrimaryGroup

Not sure why you want or need this as according to Microsoft it is of no real value anymore since Windows 2000

#130345 - 2004-12-01 12:05 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Jochen
@Richard: Thanks, will dig into that
@Howard: this would be Win32Admin.dll dependent, would it ?
@Erik: it doesn't work for me, is there any dependency for cimv2?
@Ron: Yeah, I know all that and ... don't ask

#130346 - 2004-12-01 01:28 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Howard Bullock
Yes, the code does use the newer Win32Admin for Sid lookup etc. You have not really specified what you intend to do. All manipulation of "primary group" I have seen to date would be done via admin script. Would using the DLL be undesirable?

#130347 - 2004-12-01 04:24 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Jochen
Howard,

it is some sort of admin script, so to say ... and yes using/managing another dll would be undesirable, well, if nothing else is useful I'll get back to it

Thanx

#130348 - 2004-12-02 12:57 AM Re: WinNT:// - Groupname from PrimaryGroupID ?
NTDOC
Here is Microsoft's code for this task.

Code:
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intPrimaryGroupID = objUser.Get("primaryGroupID")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"<LDAP://dc=NA,dc=fabrikam,dc=com>;(objectCategory=Group);" & _
"distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordset.EOF
    If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
        WScript.Echo "Primary group:"
        WScript.Echo objRecordset.Fields("distinguishedName") & _
            " (primaryGroupID: " & intPrimaryGroupID & ")"
    End If
    objRecordset.MoveNext
Loop

objConnection.Close



#130349 - 2004-12-02 09:48 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
kholm
I have a KiX version of this:
Code:
$Dom = @LDomain
$usr = 'guest'

$oUser = GetObject("WinNT://" + $Dom + "/"+ $usr + ",User" )
$RID = $oUser.Get("primaryGroupID")
$PriName = GetGroupNameFromRID($RID)
If Not @Error
  'Primary group name: ' + $PriName
EndIf

Function GetGroupNameFromRID($RID)
  Dim $oConnection,$oCommand,$oRootDSE
  $oConnection = CreateObject("ADODB.Connection")
  $oConnection.Open("Provider=ADsDSOObject;")
  $oCommand = CreateObject("ADODB.Command")
  $oCommand.ActiveConnection = $oConnection
  $oRootDSE = GetObject("LDAP://RootDSE")
  $oCommand.CommandText = "<LDAP://" + $oRootDSE.Get("defaultNamingContext") + ">;(objectCategory=Group);Name,primaryGroupToken;subtree"
  $oRecSet = $oCommand.Execute
  While Not ($oRecSet.EOF Or $GetGroupNameFromRID)
    If $oRecSet.Fields("primaryGroupToken") = $RID
      $GetGroupNameFromRID = CStr($oRecSet.Fields("Name"))
    EndIf
    $oRecSet.MoveNext
  Loop
  $oConnection.Close
  Exit VarType($GetGroupNameFromRID) = 0
EndFunction



-Erik

#130350 - 2004-12-02 10:45 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
NTDOC
Thanks for the code Erik, but neither Microsoft's nor your code works for me unless the Primary Group is Domain Users.

On any account I check that is NOT set to Domain Users it comes back blank. Appears there is something odd going on or the code is of little use on how it works from Microsoft.

#130351 - 2004-12-06 03:15 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Jochen
Erik, Ron,

thanx for the effort but the LDAP Provider is a taboo here
Still haven't dug into Richard's suggestions

#130352 - 2004-12-21 04:02 PM Re: WinNT:// - Groupname from PrimaryGroupID ?
Jochen
Just for the records, here is what I came up with.
Using Richard's udfBytes2Array (for being not too dependent) and a rip of one of the scripts Lonk links to, I created this little proof of concept scriptlet:

Code:

break on

$CurDomain = @ldomain

while $x <> "q"
  cls
  at(10, 2) "Enter Username..."
  at(12, 3) gets $x
  at(13, 3) "Primary Group = " + ADS_GetPrimaryGroup($x)
  at(15, 5) "Q = Quit, any key = next" get $x
loop

exit 0



function ADS_GetPrimaryGroup($usr)
  dim $root, $group, $PrimaryRID, $SID, $tmp, $i
  $root = getobject("WinNT://" + $CurDomain + "/" + $usr + ",user")
  if not @error
    $PrimaryRID = $root.PrimaryGroupID
    for each $group in $root.Groups
      $SID = udfBytes2Array($group.Get("objectSID"))
      ; The RID is the last 4 bytes of the SID, stored little-endian:
      ; read them back to front to build the hex string.
      $tmp = "" ; reset per group, otherwise hex digits from earlier groups accumulate
      for $i = ubound($sid) to ubound($sid)-3 step -1
        $tmp = $tmp + dectohex(val($sid[$i]) / 16) + dectohex(val($sid[$i]) & 15)
      next
      if $PrimaryRID = HexToDec($tmp)
        $ADS_GetPrimaryGroup = $group.Name
        exit 0
      endif
    next
  endif
endfunction

function HexToDec($Hex)
  dim $HexArr, $Fac, $L, $Ch, $nb
  $HexArr = "0","1","2","3","4","5","6","7","8","9","A","B","C","D","E","F"," "
  If $Hex > "7FFFFFFF"
    exit 87
  EndIf
  $HexToDec = 0
  $Fac = 1
  for $L = len($Hex) to 1 step -1
    $Ch = substr($Hex, $L, 1)
    $nb = 0
    while $Ch <> $HexArr[$nb] and $nb < 16
      $nb = $nb + 1
    loop
    if $nb = 16 ; Error in hex-string, contains non-valid characters
      $HexToDec = 0
      exit 87
    endif
    $HexToDec = $HexToDec + $nb * $Fac
    $Fac = $Fac * 16
  next
endfunction

function udfBytes2Array($abBytes)
  dim $oStream,$adTypeBinary,$adTypeText,$i
  $adTypeBinary = 1
  $oStream = createobject("ADODB.Stream")
  if @error exit @error endif

  $oStream.Type=$adTypeBinary
  $oStream.open

  $oStream.Write($abBytes)
  $oStream.Position = 0

  redim preserve $udfBytes2Array[$oStream.Size-1]

  for $i = 0 to ubound($udfBytes2Array)
    $udfBytes2Array[$i] = asc($oStream.Read(1))
  next

  $oStream = 0
  exit 0
endfunction




Special thanks to Erik Kaerholm for writing HexToDec udf back in 2001, which I took the freedom to adapt and use.


Suggestions and Critix welcome
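
Added example (Python, not code from any poster in this thread): the two approaches discussed above, building the primary group's SID from the domain SID plus primaryGroupID, and matching the RID held in the last four little-endian bytes of a group's binary objectSID. All function names, the domain SID and the localized group names are constructed for illustration.

```python
import struct

# Well-known domain RIDs: fixed values, independent of group name or UI language.
WELL_KNOWN_RIDS = {512: "Domain Admins", 513: "Domain Users", 514: "Domain Guests"}

def build_sid(text):
    """Encode an S-1-... string as binary objectSID bytes (used for sample data)."""
    parts = text.split("-")
    subs = [int(p) for p in parts[3:]]
    return (bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def parse_sid(raw):
    """Decode binary objectSID bytes; returns (string form, RID)."""
    if len(raw) < 12 or raw[0] != 1 or not 1 <= raw[1] <= 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])     # 32-bit each, little-endian
    text = "-".join(["S", "1", str(authority)] + [str(s) for s in subs])
    return text, subs[-1]                              # RID is the last sub-authority

def primary_group_sid(user_sid, primary_group_id):
    """Swap the user's RID for primaryGroupID to get the primary group's SID."""
    return user_sid.rpartition("-")[0] + "-" + str(primary_group_id)

def find_primary_group(groups, primary_group_id):
    """groups: iterable of (name, raw objectSID). Returns (name, well-known role) or None."""
    for name, raw in groups:
        _, rid = parse_sid(raw)
        if rid == primary_group_id:
            return name, WELL_KNOWN_RIDS.get(rid)
    return None

# Constructed sample data: a made-up domain SID and localized (French) group names.
DOMAIN_SID = "S-1-5-21-1004336348-1177238915-682003330"
GROUPS = [("Utilisateurs du domaine", build_sid(DOMAIN_SID + "-513")),
          ("Admins du domaine", build_sid(DOMAIN_SID + "-512"))]

if __name__ == "__main__":
    print(find_primary_group(GROUPS, 512))
    print(primary_group_sid(DOMAIN_SID + "-1105", 512))
```

Matching on the RID rather than the display name is what lets an audit script recognise Domain Admins membership even when the group has been renamed or localized.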

