
CIFS SID lookup

Hi,

 

Please advise how to look up a SID in cluster Data ONTAP 8.3.

 

CIFS Lookup is not working.

 

Thanks.

 

Tony

Re: CIFS SID lookup

Hi Tony,

 

This works on 8.2.1, not sure if it's changed in 8.3

 

cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name user1

S-1-5-21-3150332139-2813398079-754052488-1110

 

However, if all you want is the SID of an AD user, you might consider using the dsquery utility if you have the RSAT tools installed, e.g.:

 

C:\>dsquery user forestroot -samid user1 | dsget user -sid
  sid
  S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: CIFS SID lookup

Hi,

 

It looks like it is not able to resolve.

 

Please see the attachment

 sid l ookup.jpg

Re: CIFS SID lookup


Hi,

Please advise. The error is "SecD Error: User not found".

 

SID lookup 2.jpg

Is there any way to query the built-in user account?

 

Tony

Re: CIFS SID lookup

Hi Tony,

 

The SID is not resolved to a user (or group) because the object has been deleted in Active Directory (hence any lookup on that SID will fail). You need to restore the group or user in order to resolve it. See

 

https://technet.microsoft.com/en-us/library/dd379509%28v=ws.10%29.aspx

 

/matt


Re: CIFS SID lookup

Hi Matt,

 

I guess it is a built-in administrator account of NetApp CIFS.

 

How can I convert the built-in administrator account to a SID?

 

thanks.

 

Tony

Re: CIFS SID lookup

Hi Tony,

 

You can view the SID for a local vserver user by using the same method...for example:

 

cluster1::> vserver cifs users-and-groups local-user show -vserver vserver1
Vserver      User Name                   Full Name            Description
------------ --------------------------- -------------------- -------------
vserver1   VSERVER1\Administrator                         Built-in administrator account

nclaunsw01::> set diag

Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y

cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name Administrator
S-1-5-21-3601454379-3612699275-2053566262-500

 

I recommend reading the following article, as it will help you understand the syntax of a SID:

 

https://technet.microsoft.com/en-us/library/cc962011.aspx

 

Knowing this, you can easily determine if the SID represents a local user or group versus a domain user or group by comparing the domain identifier in the SID. For example, the domain identifier for the local administrator account in the above example is "21-3601454379-3612699275-2053566262", as compared to an AD user account with a domain identifier of "21-3150332139-2813398079-754052488". E.g.:

 

cluster1::*> diag secd authentication translate -node local -vserver nvserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110

 

/matt

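The domain-identifier comparison described in the last reply, as an added example that is not part of the original thread and is not NetApp or Microsoft code. The function names and result labels are hypothetical, the sample SIDs are the ones quoted in the thread plus the well-known BUILTIN\Administrators SID, and a non-matching identifier can belong to another domain as well as to a local vserver account database.

```python
import re
from typing import NamedTuple, Optional

# SID string form: S-<revision>-<identifier authority>-<subauthority>-...
_SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$", re.IGNORECASE)

class ParsedSid(NamedTuple):
    authority: int
    domain_id: Optional[str]  # "21-a-b-c" for account SIDs, otherwise None
    rid: int                  # last subauthority (relative identifier)

def parse_sid(sid: str) -> ParsedSid:
    """Split a SID string into authority, domain identifier and RID."""
    m = _SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    authority = int(m.group(1))
    subs = [int(x) for x in m.group(2).lstrip("-").split("-")]
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError(f"subauthority exceeds 32 bits: {sid!r}")
    domain_id = None
    # Account SIDs: NT authority (5), subauthority 21, three 32-bit
    # domain values, then the RID of the user or group.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        domain_id = "-".join(str(s) for s in subs[:4])
    return ParsedSid(authority, domain_id, subs[-1])

def classify(sid: str, ad_domain_id: str) -> str:
    """Compare the SID's domain identifier with a known AD domain."""
    parsed = parse_sid(sid)
    if parsed.domain_id is None:
        return "well-known"            # e.g. BUILTIN aliases, no domain part
    if parsed.domain_id == ad_domain_id:
        return "ad-domain"
    return "other-domain-or-local"     # local vserver account or another domain

if __name__ == "__main__":
    # Domain identifier of the AD account (user1) quoted in the thread.
    AD_DOMAIN_ID = "21-3150332139-2813398079-754052488"
    samples = [
        "S-1-5-21-3150332139-2813398079-754052488-1110",   # user1 (thread)
        "S-1-5-21-3601454379-3612699275-2053566262-500",   # Administrator (thread)
        "S-1-5-32-544",                                    # BUILTIN\Administrators
    ]
    for s in samples:
        p = parse_sid(s)
        print(f"{s}: {classify(s, AD_DOMAIN_ID)} (RID {p.rid})")
```

RID 500 is the fixed relative identifier of the built-in Administrator account, so it appears both on local account databases and in domains; only the domain identifier tells the two apart.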