Network and Storage Protocols
Hi,
Please advise how to look up a SID in cluster Data ONTAP 8.3.
CIFS Lookup is not working.
Thanks.
Tony
Hi Tony,
This works on 8.2.1, not sure if it's changed in 8.3
cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110
However if all you want is the SID of an AD user you might consider using the dsquery utility if you have the RSAT tools installed. EG:
C:\>dsquery user forestroot -samid user1 | dsget user -sid
sid
S-1-5-21-3150332139-2813398079-754052488-1110
dsget succeeded
/matt
Hi,
It looks like it is not able to resolve.
Please see the attachment
Hi,
Please advise - the error is "SecD Error: User not found".
Is there any way to query the built-in user account?
Tony
Hi Tony,
The SID is not resolved to a user (or group) because the object has been deleted in Active Directory (hence any lookup on that SID will fail). You need to restore the group or user in order to resolve it. See
https://technet.microsoft.com/en-us/library/dd379509%28v=ws.10%29.aspx
/matt
Hi Matt,
I guess it is a built-in administrator of NetApp CIFS account.
How can I convert the built-in administrator account to a SID?
thanks.
Tony
Hi Tony,
You can view the SID for a local vserver user by using the same method...for example:
cluster1::> vserver cifs users-and-groups local-user show -vserver vserver1
Vserver      User Name                   Full Name            Description
------------ --------------------------- -------------------- -------------
vserver1     VSERVER1\Administrator                           Built-in administrator account
nclaunsw01::> set diag
Warning: These diagnostic commands are for use by NetApp personnel only.
Do you want to continue? {y|n}: y
cluster1::*> diag secd authentication translate -node local -vserver vserver1 -win-name Administrator
S-1-5-21-3601454379-3612699275-2053566262-500
I recommend reading the following article as this will help to understand the Syntax of a SID:
https://technet.microsoft.com/en-us/library/cc962011.aspx
Knowing this you can easily determine if the SID represents a local user or group versus a domain user or group by comparing the domain identifier in the SID. For example, the domain identifier for the local administrator account in the above example is "21-3601454379-3612699275-2053566262" as compared to an AD user account with a domain identifier of "21-3150332139-2813398079-754052488". EG:
cluster1::*> diag secd authentication translate -node local -vserver nvserver1 -win-name user1
S-1-5-21-3150332139-2813398079-754052488-1110
/matt
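The comparison described in the reply above, as an added example that is not part of the original post: it splits a SID string into its domain identifier and relative ID (RID) and checks the identifier against the two quoted in this thread. The `KNOWN_DOMAINS` labels and the function names are assumptions made for illustration.

```python
import re

# Domain identifiers copied from the SIDs quoted in this thread; the labels
# are assumptions based on how the posts describe each account.
KNOWN_DOMAINS = {
    "21-3601454379-3612699275-2053566262": "vserver1 local accounts",
    "21-3150332139-2813398079-754052488": "Active Directory domain",
}

SID_RE = re.compile(r"^S-1-(\d+)((?:-\d+)+)$")


def parse_sid(sid):
    """Return (identifier_authority, [sub_authorities]) for a SID string."""
    m = SID_RE.match(sid.strip())
    if not m:
        raise ValueError(f"not a SID string: {sid!r}")
    subauths = [int(x) for x in m.group(2).lstrip("-").split("-")]
    # A SID holds at most 15 sub-authorities, each an unsigned 32-bit value.
    if len(subauths) > 15 or any(s > 0xFFFFFFFF for s in subauths):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    return int(m.group(1)), subauths


def classify_sid(sid, known=KNOWN_DOMAINS):
    """Classify a SID by comparing its domain identifier, as the post does."""
    authority, subauths = parse_sid(sid)
    if authority == 5 and subauths[0] == 32 and len(subauths) == 2:
        # S-1-5-32-<RID>: BUILTIN alias, the same on every machine.
        return {"scope": "BUILTIN", "domain_id": None, "rid": subauths[1]}
    if authority == 5 and subauths[0] == 21 and len(subauths) == 5:
        # S-1-5-21-<a>-<b>-<c>-<RID>: the last value is the relative ID.
        domain_id = "-".join(str(s) for s in subauths[:4])
        scope = known.get(domain_id, "unknown domain")
        return {"scope": scope, "domain_id": domain_id, "rid": subauths[4]}
    return {"scope": "other", "domain_id": None, "rid": None}


if __name__ == "__main__":
    for s in ("S-1-5-21-3601454379-3612699275-2053566262-500",
              "S-1-5-21-3150332139-2813398079-754052488-1110",
              "S-1-5-32-544"):
        print(s, classify_sid(s))
```

A SID whose domain identifier matches neither entry is reported as "unknown domain", which is the case worth investigating when an ACL entry fails to translate.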
Hello,
I am having the same issue as mentioned above, however the groups are in AD and still SID translation is not happening.
I have checked almost everything, and still unable to find the issue.
diag secd command doesn't work for me on 8.3.2
Appreciate any help...
Thank you and Regards
toaster> cifs lookup mday
SID = S-1-5-21-39724982-1647982808-1376457959-1221
toaster> cifs lookup NT-DOMAIN\mday
SID = S-1-5-21-39724982-1647982808-1376457959-1221
toaster> cifs lookup BUILTIN\Administrators
SID = S-1-5-32-544
toaster> cifs lookup S-1-5-32-544
name = BUILTIN\Administrators
toaster> cifs lookup nonexistentuser
lookup failed