#33252 - 2002-11-22 05:54 PM
PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
There is a way to do this conversion:
PrimaryGroupID -> Group Name
Group Name -> PrimaryGroupID
Where PrimaryGroupID is the numerical value stored in USER ADSI object:
$obj = getobject("WinNT://$DOMAIN/Administrator,user")
? $obj.PrimaryGroupID
Returns:
1056
How can i convert this number to Group Name ?
And How can i convert group name to PrimaryGroupID?
|
|
Top
|
|
|
|
|
#33253 - 2002-11-22 06:15 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
The number returned as the "Primary GRoup" identifier is actually the RID of an object in the SAM - that object being a group.
You can work through a variety of methods to return the name such as:
Get the domain SID and append this number (RID) to get the Groups SID and do a reverse lookup.
Dump ALL accounts using my DumpDomain.exe which shows the name of the account and the RID on the same line.
There a Perl mechanism that will let me resolve the name with the RID. This function(Win32::NetAdmin::GetUserGroupFromRID) could be generically exposed in my Win32Admin.DLL.
[ 22. November 2002, 18:18: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#33254 - 2002-11-22 06:20 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
More info from the ADSI Help File: primaryGroupID
The primaryGroupID property is a single-valued property containing the relative identifier (RID) for the primary group of the user. By default, this is the RID for the Domain Users group. This property is not used in the context of the Active Directory.
|
|
Top
|
|
|
|
|
#33255 - 2002-11-22 07:05 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
A method you could employ in KiXtart is to read the KiXtart TokenCache (HKEY_CURRENT_USER\Software\KiXtart).
In it you will find SID values of the groups to which members belong. By enumerating the values and checking the RID which is the Right most number after the last "-" you could make the connection rather easily.
By adding and account to ALL groups you could build a data base of group SIDs/RIDs that you could reference in the future.
[ 23. November 2002, 16:22: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#33256 - 2002-11-23 02:15 PM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
|
|
Top
|
|
|
|
|
#33257 - 2002-11-23 02:54 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Since I participated in that thread with Shawn and Les, more SID related KiXtart code has been developed. You can find it in the "UDF Collection" by clicking UDFs by Member and then my name.
At my web site you will find KiXtart examples of how to use them.
[ 23. November 2002, 16:21: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#33258 - 2002-11-23 03:30 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
Also are you getting this info for the user currently loggin on? If so, look at @PrimaryGroup. If you are enumerating the users from the domain then you will have to head down one of the other paths previously mantioned.
|
|
Top
|
|
|
|
|
#33260 - 2002-11-24 04:15 PM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
Thanks for all the suggestion, now i have GETSID and GETRID function, and i can retrive the name of Primary Group using 2 ini file, user.ini and group.ini. (i will post solution later)
Now i must find the way to set primarygroupID. I have tried:
$obj = GetObject("WinNT://$Server/$user,user")
? $obj.primarygroupID
$obj.primarygroupID=544 ;RID of Admistrators on my domain
$obj.setinfo
? $obj.primarygroupID
? @SERROR
I have obtained this error (logged as administrator):
COM exception error "setinfo" ((null) - (null)) [-2147352567/80020009]
Searching on net i have fonded this post:
..
There is no way to set primary group via ADSI, you will have to use the
NetUserSetInfo with level 1051 (USER_INFO_1051 struct) to do this. I have
forward this as an enhancement request for the WinNT provider.
..
http://groups.google.com/groups?q=USER_INFO_1051++adsi&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=efx0TVvk8GA.190%40uppssnewspub05.moswest.msn.net&rnum=1
Anyone have an idea?
P.S. I want to use this script to dump user and group and then save all of them in another nt server machine
|
|
Top
|
|
|
|
|
#33261 - 2002-11-24 04:20 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
You should look at my DumpDomain.exe on my web site if you want to dump accounts. I can also work on a Win32 account update program that works like my GrpMaint.exe so that you could selectively update various account attributes/properties such as PrimaryGroup.
{edit}
Or I could possibly add this functionality into my Win32Admin.DLL.
If anyone is interested, which way would you like it?
[ 24. November 2002, 16:31: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#33263 - 2002-11-24 05:33 PM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
I think it's a very useful tool to include in your
Win32Admin.DLL.
(currently i'm writing some other script that use this dll, specially for FTP feature)
But I want to try dumpdomain, it store all values in database (very interesting!!!!)
All my logon script is based on ini file like:
user.ini
group.ini
groupbyuser.ini
userbygroup.ini
etc... (many others)
i'm trying to extend them (whid Sid,Rid for example) to be useful in my simply (but useful) dump/restore procedure.
|
|
Top
|
|
|
|
|
#33264 - 2002-11-24 06:01 PM
Re: PrimaryGroupID to Group Name
|
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
|
The DumpDomain.exe creates a compressed text file that can be imported into a database. that is how I have it architected. I am currently working to updated/improve this functionality.
I provide LAN Admins around the world an easy way to query accounts and properties by updating a database.
I do not provide the DB load functionality in DumpDomain.exe. That is a value-added effort.
I am happy to hear that someone is using the DLL. How is it working for you? What items beside FTP have you been able to use? Any problems?
[ 24. November 2002, 18:03: Message edited by: Howard Bullock ]
|
|
Top
|
|
|
|
|
#33265 - 2002-11-24 06:33 PM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
You are right, i have tried dumpdomain and make a txt compressed file (useful to import in many ways, like kix, php etc...)
I'm working on a automatic update system. The program used on my network are updated via an ftp site. In it there are many directories (like
20112002_FixSomething) that i want to retrive and deploy to all client (during logon expecially).
I'm working on directory compare and automated update. Soon i will be able to write all the ftp GET routine to cache program update on server.
I want to
1. Nigthly retrive update.
2. If there are new directory or new file, tell to logon script to update client.
Win32admin is what i want to use. (and thank you very much!!!)
Next week i belive to have a beta version of my script to try.
|
|
Top
|
|
|
|
|
#33266 - 2002-11-26 10:21 AM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
OK This is the function for PRIMARYGROUPNAME that returns the full name of primari group (I use a version that involve .ini file, but works like this)
code:
Function GetPrimaryGroup($Computer,$user)
$UserObj = GetObject("WinNT://$Computer/$User,USER")
$PGID=$UserObj.PrimaryGroupID
$UserObj=0
$domain = GetObject("WinNT://$Computer")
$domain.filter = GROUP,""
$GetPrimaryGroup=""
For Each $Group IN $domain
$GroupName=$Group.Name
$AdsiPath="WinNT://$Computer/$GroupName,GROUP"
$gr = GetObject($AdsiPath)
$GRID = GetRID($AdsiPath)
If $GRID=$PGID
$GetPrimaryGroup=$GroupName
Return
EndIf
$Domain=0
EndFunction
Here is an example of use:
? GetPrimarygroup("SOLE","pagan")
MR. Howard Bullock, any update or other ideas to set PrimaryGroupID?
|
|
Top
|
|
|
|
|
#33268 - 2002-11-26 11:04 AM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
I'm workink on NT4 SP6a, i don't think i can use LDAP interface.... (or not?)
The primary reason of existance of this function in my mind is to find (or build) a tool that set primarygroup for a User. If i save 2 .ini file like this:
User.ini
[Username1]
Fullname=
Primarygroup=Mygroup1
[Username2]
Fullname=
Primarygroup=Mygroup2
Group.ini
[Mygroup1]
;all user that is part of this group
description=descr
Userame1=1
Username3=1
[Mygroup2]
.
.
I will be able to reproduce this structure in other computer. THe only thing I need now is setting Primarygroup (I use this with logon script and @PRIMARYGROUP to map email group drive for all user)
|
|
Top
|
|
|
|
|
#33271 - 2002-11-27 12:44 AM
Re: PrimaryGroupID to Group Name
|
Anonymous
Anonymous
Unregistered
|
Sorry for my bad english.(and for my bad mind..)
It's difficult for me to explain due to my english and my mind... ![[Frown]](images/icons/frown.gif)
I will try to be more clear... (impossible, but i want to try)
Every user is part of a particular Group. Every group have his specific thing to do; Every group has an E-mail Drive (M:) and it is mapped using @primarygroup Macro.
Example of logon script:
net use "m:" "\\$server\@primarygroup$"
I can set Primary group Only using User Manager.
I want to find another way to do this, using script, or command line utils.
For example, Suppose that i have to rebuild all account & group structure (without Rdisk or backup).
With ADSI i can create user, group, set Group for all user etc.. (based on .ini file that contain all information needed) But not set the primary group.
|
|
Top
|
|
|
|
Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart
|
0 registered
and 1188 anonymous users online.
|
|
|
![[Big Grin]](images/icons/grin.gif){kind=icon}
