user and group information using Win32 API

Hi,

I have written a WIN32 application to get all the users that own files on a
WINNT system using GetFileSecurity() + GetSecurityDescriptorOwner() APIs.
Then I get all the groups that this user belongs to using the API
NetUserGetLocalGroups() for each of the users obtained in the first step.

I am displaying the output as 4 columns, namely userId, username,
groupId and groupName. For fileowners of type "group", the groupId and
groupName are kept the same as userId and userName respectively. Now my
confusion arises because there are a lot of users with the same name
(domain + username) with a different Sid, e.g. PERSISTENT\siddharth_aggarwal
has 6 entries below (even though there are only 2 unique groups that this
user belongs to, namely BUILTIN\Administrators and BUILTIN\Users). So I am
not really sure why we have a different Sid for 2 users whose
domainname+userName is the same, i.e. can the same user have 2 different Sid
values?

Any pointers in this regard would be really helpful.

Thanks,
Siddharth

Attached output

UserID User Name
GroupID GroupName

S-1-1-0 \Everyone
S-1-1-0 \Everyone

S-1-5-21-1443438718-1192457488-1338337383-1015 PERSISTENT\siddharth_aggarwal
S-1-5-32-544 BUILTIN\Administrators

S-1-5-21-1443438718-1192457488-1338337383-1015 PERSISTENT\siddharth_aggarwal
S-1-5-32-545 BUILTIN\Users

S-1-5-21-1443438718-1192457488-1338337383-1318 PERSISTENT\siddharth_aggarwal
S-1-5-32-544 BUILTIN\Administrators

S-1-5-21-1443438718-1192457488-1338337383-1318 PERSISTENT\siddharth_aggarwal
S-1-5-32-545 BUILTIN\Users

S-1-5-21-1887572776-755525552-1806196434-1006 SANDIEGO\persist
S-1-5-32-545 BUILTIN\Users

S-1-5-21-1887572776-755525552-1806196434-500 SANDIEGO\Administrator
S-1-5-21-1887572776-755525552-1806196434-1007 SANDIEGO\ORA_DBA

S-1-5-21-1887572776-755525552-1806196434-500 SANDIEGO\Administrator
S-1-5-21-1887572776-755525552-1806196434-1010 SANDIEGO\se

S-1-5-21-1887572776-755525552-1806196434-500 SANDIEGO\Administrator
S-1-5-32-544 BUILTIN\Administrators

S-1-5-21-2000478354-299502267-725345543-2889 PERSISTENT\siddharth_aggarwal
S-1-5-32-544 BUILTIN\Administrators

S-1-5-21-2000478354-299502267-725345543-2889 PERSISTENT\siddharth_aggarwal
S-1-5-32-545 BUILTIN\Users

S-1-5-32-544 BUILTIN\Administrators
S-1-5-32-544 BUILTIN\Administrators

What is PERSISTENT? A computer, or a domain?

It is a domain. Sandiego is the computer.
“benson” wrote in message news:xxxxx@ntdev…
>
> What is PERSISTENT? A computer, or a domain?

Have you been deleting and recreating that user name? Could you have
poorly synced BDC’s?

What I’d do is to write a separate program (though there may be such a
program in the Platform SDK samples) that does SDK->name mapping via
LookupAccountName, see if you really get the same name for those
multiple SIDS. If you aren’t checking errors when calling LAN, you could
be displaying ‘leftover’ strings.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Siddharth
Aggarwal
Sent: Friday, April 04, 2003 7:37 AM
To: NT Developers Interest List
Subject: [ntdev] Re: user and group information using Win32 API

It is a domain. Sandiego is the computer.

You are currently subscribed to ntdev as: xxxxx@dchbk.us
To unsubscribe send a blank email to xxxxx@lists.osr.com

I don’t think that sync-ing between PDCs and BDCs is really a problem. The
application gets users and groups information from the local host i.e.
“sandiego” (even though there is a PDC in our organization: domain
“PERSISTENT”)

I didn’t get your second remark about displaying leftover strings. My
algorithm is as follows:

  1. Maintain a list of users on the host.
  2. Scan each file system and for each file scanned:
    a. Get the owner SID for this file using GetFileSecurity() +
    GetSecurityDescriptorOwner() APIs. If this SID doesn’t exist in the above
    list, add to list.
  3. For each unique SID in above list determine all its groups using
    NetUserGetLocalGroups(). For each group print:
    userId, userName, groupId and groupName

So I’m not sure how the question of leftover strings arises?

Thanks a lot,
Siddharth


> is the same. i.e. Can the same user have 2 different Sid values?

In fact, user is SID :) so, the question must be rephrased - “can
there be 2 users with the same domain name and user name”?

This situation is very strange, and looks like you have some machine
out of sync with domain controller or AD server.

Max

What do you mean by the userID of a group?

To answer your last question: say that you call LookupAccountName
passing in some buffers and a SID, and it succeeds.

Then you call it again with the same buffers, and it fails. It won’t
null out the buffers. If you fail to check for an error, you could end
up storing the old strings for a new SID.

Mostly, I bet that if you make a simple command line to call
LookupAccountName, you will find that those SIDS do NOT all map to the
same account, and some book-keeping error in your code is responsible
for the confusion.
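
The failure mode described in the message above (a lookup that fails without clearing the caller's buffers, with the error left unchecked), as an added example that is not code from the thread. `lookup_stub` is a hypothetical, portable stand-in for the Win32 lookup call, and which of the posted SIDs resolves is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define NAME   "PERSISTENT\\siddharth_aggarwal"
#define SID_OK "S-1-5-21-2000478354-299502267-725345543-2889"
#define DOM    "S-1-5-21-1443438718-1192457488-1338337383"
/* Constructed input order: one SID that resolves, then two that do not. */
static const char *SAMPLE_SIDS[] = { SID_OK, DOM "-1015", DOM "-1318" };
/* Hypothetical stand-in for the Win32 SID-to-name lookup: on failure it returns
   0 and leaves the buffer untouched. Which SID resolves is assumed for the demo. */
static int lookup_stub(const char *sid, char *name, size_t cap)
{
    if (strcmp(sid, SID_OK) != 0) return 0;   /* buffer keeps its old text */
    snprintf(name, cap, "%s", NAME);
    return 1;
}

/* Buggy pattern: return value ignored, so stale text is reported. */
static const char *resolve_unchecked(const char *sid, char *name, size_t cap)
{
    lookup_stub(sid, name, cap);
    return name;
}

/* Checked pattern: a failed lookup is shown as unresolved, never as a name. */
static const char *resolve_checked(const char *sid, char *name, size_t cap)
{
    if (!lookup_stub(sid, name, cap))
        snprintf(name, cap, "%s", "<unresolved>");
    return name;
}

/* Resolve each SID through one reused buffer; count rows displayed as NAME. */
static int rows_showing_name(const char *(*resolve)(const char *, char *, size_t))
{
    char buf[64] = "";
    int hits = 0;
    for (int i = 0; i < 3; i++) {
        const char *shown = resolve(SAMPLE_SIDS[i], buf, sizeof buf);
        printf("%-47s %s\n", SAMPLE_SIDS[i], shown);
        hits += strcmp(shown, NAME) == 0;
    }
    return hits;
}

int main(void)
{
    printf("unchecked: %d rows\n", rows_showing_name(resolve_unchecked));
    printf("checked: %d rows\n", rows_showing_name(resolve_checked));
}
```

With the unchecked resolver all three SIDs are displayed under the same account name; with the checked resolver only the SID that actually resolved is.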
