开发者

PowerShell, is it possible to translate SID to ntaccount if you are not part of the domain?

I have this powershell code.

$securityidentifier = new-object security.principal.securityidentifier $sid
$user = ( $securityidentifier.translate( [security.principal.ntaccount] ) )

This code works only on a computer which is in the same domain as the user whose SID I would like to translate to nt开发者_如何学运维account.

Is it possible to translate SID to ntaccount if you are not part of the domain, but you have domain username and password for that domain ?

Still the same error.

Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated." At C:\...\test.ps1:7 char:40 + $user = ( $securityidentifier.translate <<<< ( [security.principal.ntaccount] ) ) + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : DotNetMethodException


Since you are not in the domain, your machine has no idea who (which domain controller) it should ask to resolve this SID. It seems that there is no server parameter for the Translatename Method.

If you resort to WinApi it's possible: use the LookupAccountSid API (specify a domain controller for the lpSystemName parameter).


Have you tried say, mapping a drive to the domain controller, which would effectively cache the credentials for the domain user? That may then allow access to translate the SID. I haven't tried this before, but it's worth giving it a shot.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜