CIFS SID lookup

TonyWu

Hi,

 

Please advise how to look up a SID in cluster Data ONTAP 8.3.

 

CIFS Lookup is not working.

 

Thanks.

 

Tony

1 ACCEPTED SOLUTION

mbeattie

Hi Tony,

 

This works on 8.2.1, not sure if it's changed in 8.3

 

cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name user1

S-1-5-21-3150332139-2813398079-754052488-1110

 

However if all you want is the SID of an AD user you might consider using the dsquery utility if you have the RSAT tools installed. EG:

 

C:\>dsquery user forestroot -samid user1 | dsget user -sid
  sid
  S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

TonyWu

Hi,

 

It looks like it is not able to resolve.

 

Please see the attachment

sid lookup.jpg

TonyWu

Hi,

Please advise - the error is "SecD Error: User not found"

 

SID lookup 2.jpg

Is there any way to query the built-in user account?

 

Tony

mbeattie

Hi Tony,

 

The SID is not resolved to a user (or group) because the object has been deleted in Active Directory (hence any lookup on that SID will fail). You need to restore the group or user to be able to resolve it. See

 

https://technet.microsoft.com/en-us/library/dd379509%28v=ws.10%29.aspx

 

/matt


TonyWu

Hi Matt,

 

I guess it is a built-in administrator of Netapp CIFS account.

 

How can I convert the built-in administrator account to a SID?

 

thanks.

 

Tony

mbeattie

Hi Tony,

 

You can view the SID for a local vserver user by using the same method...for example:

 

cluster1::> vserver cifs users-and-groups local-user show -vserver vserver1
Vserver      User Name                   Full Name            Description
------------ --------------------------- -------------------- -------------
vserver1   VSERVER1\Administrator                         Built-in administrator account

nclaunsw01::> set diag

Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y

cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name Administrator
S-1-5-21-3601454379-3612699275-2053566262-500

 

I recommend reading the following article as this will help to understand the Syntax of a SID:

 

https://technet.microsoft.com/en-us/library/cc962011.aspx

 

Knowing this you can easily determine if the SID represents a local user or group versus a domain user or group by comparing the domain identifier in the SID. For example, the domain identifier for the local administrator account in the above example is "21-3601454379-3612699275-2053566262" as compared to an AD user account with a domain identifier of "21-3150332139-2813398079-754052488". EG

 

cluster1::*> diag secd authentication translate -node local -vserver nvserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110

 

/matt

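The domain-identifier comparison described in the post above, as an added example (not part of the original thread and not NetApp or Microsoft code). The helper names `parse_sid` and `classify` are hypothetical; the sample SIDs are the ones quoted in this thread.

```python
import re
from typing import NamedTuple, Optional, Tuple

# Revision-1 SID string with 1..15 decimal sub-authorities.
SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+){1,15})$")

class ParsedSid(NamedTuple):
    authority: int
    subauthorities: Tuple[int, ...]
    domain_id: Optional[str]  # "21-x-y-z", written the way the post writes it
    rid: Optional[int]        # relative identifier (last sub-authority)

def parse_sid(text: str) -> ParsedSid:
    m = SID_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a SID string: {text!r}")
    authority = int(m.group(1))
    subs = tuple(int(s) for s in m.group(2)[1:].split("-"))
    if any(s > 0xFFFFFFFF for s in subs):
        raise ValueError("sub-authority does not fit in 32 bits")
    # Account SIDs: NT Authority (5), 21, three issuer values, then the RID.
    if authority == 5 and len(subs) == 5 and subs[0] == 21:
        return ParsedSid(authority, subs, "-".join(map(str, subs[:4])), subs[4])
    # BUILTIN aliases: S-1-5-32-<RID>, identical on every system.
    if authority == 5 and len(subs) == 2 and subs[0] == 32:
        return ParsedSid(authority, subs, None, subs[1])
    return ParsedSid(authority, subs, None, None)

def classify(text: str, ad_domain_id: str) -> str:
    """Compare the SID's domain identifier with the known AD domain's."""
    sid = parse_sid(text)
    if sid.authority == 5 and sid.subauthorities[0] == 32:
        return "builtin"
    if sid.domain_id is None:
        return "other"
    # A different identifier means another issuer: the vserver's local
    # account database or a different domain.
    return "domain" if sid.domain_id == ad_domain_id else "not-this-domain"

if __name__ == "__main__":
    AD = "21-3150332139-2813398079-754052488"  # AD domain identifier from the thread
    for s in ("S-1-5-21-3150332139-2813398079-754052488-1110",
              "S-1-5-21-3601454379-3612699275-2053566262-500",
              "S-1-5-32-544"):
        print(s, "->", classify(s, AD), "RID", parse_sid(s).rid)
```
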

cyberoy

Hello, 

 

I am having the same issue as mentioned above, however the groups are in AD and still SID translation is not happening.

 

I have checked almost everything, and still unable to find the issue.

 

The diag secd command doesn't work for me on 8.3.2

 

Appreciate any help...

 

Thank you and Regards

ShrikantWD

toaster> cifs lookup mday
SID = S-1-5-21-39724982-1647982808-1376457959-1221

toaster> cifs lookup NT-DOMAIN\mday
SID = S-1-5-21-39724982-1647982808-1376457959-1221

toaster> cifs lookup BUILTIN\Administrators
SID = S-1-5-32-544

toaster> cifs lookup S-1-5-32-544
name = BUILTIN\Administrators

toaster> cifs lookup nonexistentuser
lookup failed

 

 
