Retrieve user details from Active Directory using SID

Posted by er4z0r on Server Fault See other posts from Server Fault or by er4z0r
Published on 2010-03-08T17:15:21Z Indexed on 2010/03/09 9:08 UTC
Read the original article Hit count: 763


How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing:

Message: User Account Changed:

    Target Account Name:    test12

    Target Domain:  DOMAIN

    Target Account ID:  %{S-1-5-21-3968247570-3627839482-368725868-1110}

    Caller User Name:   Administrator

    Caller Domain:  DOMAIN

    Caller Logon ID:    (0x0,0x62AB1)

    Privileges: -

I want to notify the user about the change. So I need their account-information from AD. When I try to retrieve the user's data from AD via VBScript like this:

Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value
Set objUser = GetObject("LDAP://GUID=1521396824757036278394823687258681110")
Wscript.StdOut.writeLine objUser

I receive an error stating

The handle is invalid

© Server Fault or respective owner

Related posts about Windows

Related posts about active-directory