Create SID?

  • anders@aleborg.se

    Create SID?

    Hi!

    To create a new Windows account I use this code:

    // Requires: using System.DirectoryServices;
    const int UF_PASSWD_CANT_CHANGE = 0x0040;
    const int UF_DONT_EXPIRE_PASSWD = 0x10000;
    DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + domain);
    DirectoryEntries entries = obDirEntry.Children;
    DirectoryEntry obUser = entries.Add(username, "User");
    obUser.Properties["FullName"].Add(name);
    obUser.Properties["UserFlags"].Add(UF_PASSWD_CANT_CHANGE |
        UF_DONT_EXPIRE_PASSWD);
    if (homedir.Length > 0)
        obUser.Properties["HomeDirectory"].Add(homedir);
    object obRet = obUser.Invoke("SetPassword", password);
    obUser.CommitChanges();

    My question is, is it possible to create a new windows account with a
    certain SID?
    In the case I want to replicate a user on another server.

    Regards
    Anders Aleborg
    Aleborg Solutions
  • Nicholas Paldino [.NET/C# MVP]

    #2
    Re: Create SID?

    Anders,

    I would think that if you create the user on the domain, then the user
    will be recognized across the domain.

    Also, having the same SID for a user in two different domains doesn't
    get you anything.

    Hope this helps.

    --
    - Nicholas Paldino [.NET/C# MVP]
    - mvp@spam.guard.caspershouse.com

    • Willy Denoyette [MVP]

      #3
      Re: Create SID?


      <anders@aleborg .se> wrote in message
      news:1AED094B-C522-4F02-B9DF-9890D9694953@mi crosoft.com...
      | Hi!
      |
      | To create a new Windows account I use this code:
      |
      | const int UF_PASSWD_CANT_ CHANGE = 0x0040;
      | const int UF_DONT_EXPIRE_ PASSWD = 0x10000;
      | DirectoryEntry obDirEntry = new DirectoryEntry( "WinNT://" + domain);
      | DirectoryEntrie s entries = obDirEntry.Chil dren;
      | DirectoryEntry obUser = entries.Add(use rname, "User");
      | obUser.Properti es["FullName"].Add(name);
      | obUser.Properti es["UserFlags"].Add(UF_PASSWD_ CANT_CHANGE |
      | UF_DONT_EXPIRE_ PASSWD);
      | if(homedir.Leng th>0)
      | obUser.Properti es["HomeDirect ory"].Add(homedir);
      | object obRet = obUser.Invoke(" SetPassword", password);
      | obUser.CommitCh anges();
      |
      | My question is, is it possible to create a new windows account with a
      | certain SID?
      | In the case I wan't to replicate a user on another server.
      |
      | Regards
      | Anders Aleborg
      | Aleborg Solutions

      Not sure what you are trying to achieve, but if you need to clone user
      accounts, you first have to clone the machine SID.

      Willy.



      • anders@aleborg.se

        #4
        Re: Create SID?

        Hi!

        This is how I am thinking: the accounts I'm creating are for anonymous access
        to websites and FTP accounts. These types of accounts I try to exclude from
        the domain and create them on each server instead; one of the reasons is that
        there are so many accounts (we're talking thousands of accounts).
        The reason I want to recreate the account along with the SID is that IF we for
        some reason want to move all users to another server, we can just take the
        hard drive with the files for the website and move it, recreate all users, and
        all permissions on files and folders will continue to work. Permissions are
        tied to the SID, not to the account's name.

        The other way to do this is to save all permissions in a database (we save
        usernames and passwords for all accounts in a database already, that's why we
        can easily restore the users). The problem is that this way of doing it is time
        consuming: we need to loop over all users that have permissions on a file and, if
        one matches the current username, save it to a DB or XML file (we haven't found
        a way to get the permissions without looping).


        Regards
        Anders Aleborg
        Aleborg Solutions

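The alternative described in post #4, storing permissions by account name and re-granting them once the accounts have been recreated, could look like the sketch below. It is an added example, not code from anyone in the thread; the class name `AclByName`, the tab-separated file layout and the command-line arguments are assumptions, it must run on Windows, and it covers directories only (files would go through `FileInfo`/`FileSecurity` the same way).

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;
static class AclByName // hypothetical name, not from the thread
{
    // Old server: one line per explicit ACE held by a local principal (path, name, rights, type, flags).
    static void Export(string root, TextWriter output)
    {
        string local = Environment.MachineName + "\\";
        var dirs = new[] { root }.Concat(Directory.EnumerateDirectories(root, "*", SearchOption.AllDirectories));
        foreach (string path in dirs)
        {
            var rules = new DirectoryInfo(path).GetAccessControl()
                .GetAccessRules(true, false, typeof(SecurityIdentifier)); // explicit ACEs only
            foreach (FileSystemAccessRule r in rules)
            {
                string name;
                try { name = r.IdentityReference.Translate(typeof(NTAccount)).Value; }
                catch (IdentityNotMappedException) { continue; } // SID with no account behind it
                if (!name.StartsWith(local, StringComparison.OrdinalIgnoreCase)) continue; // built-in or domain
                output.WriteLine(string.Join("\t", path.Substring(root.Length).TrimStart('\\'),
                    name.Substring(local.Length), (int)r.FileSystemRights, (int)r.AccessControlType,
                    (int)r.InheritanceFlags, (int)r.PropagationFlags));
            }
        }
    }

    // New server: run after the accounts have been recreated under the same names.
    static void Import(string root, TextReader input)
    {
        for (string line; (line = input.ReadLine()) != null; )
        {
            string[] f = line.Split('\t');
            var dir = new DirectoryInfo(Path.Combine(root, f[0]));
            DirectorySecurity sec = dir.GetAccessControl();
            // A bare account name resolves on the local machine, so the ACE carries the new SID.
            sec.AddAccessRule(new FileSystemAccessRule(new NTAccount(f[1]),
                (FileSystemRights)int.Parse(f[2]), (InheritanceFlags)int.Parse(f[4]),
                (PropagationFlags)int.Parse(f[5]), (AccessControlType)int.Parse(f[3])));
            dir.SetAccessControl(sec);
        }
    }
    static void Main(string[] a) // usage: AclByName export|import <root> <file>
    {
        if (a[0] == "export") using (var w = new StreamWriter(a[2])) Export(a[1], w);
        else using (var r = new StreamReader(a[2])) Import(a[1], r);
    }
}
```

`Import` throws `IdentityNotMappedException` for any name that has not been recreated on the new server, so run it only after the accounts exist.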

        • Willy Denoyette [MVP]

          #5
          Re: Create SID?

          Simple answer: use the right tools for the job. Norton Ghost, Power Quest
          Image drive are a few tools that are designed to do exactly this.


          Willy.