如何使用 WMI 检索 Windows 计算机的 SID? [英] How can I retrieve a Windows Computer's SID using WMI?

问题描述

我不是在寻找用户 SID.我正在寻找计算机 SID，活动目录将使用它来唯一标识计算机.我也不想查询活动目录服务器，我想查询计算机本身.

I'm not looking for User SIDs. I'm looking for the computer SID, which active directory would use to uniquely identify the computer. I also don't want to query the active directory server, i want to query the computer itself.

推荐答案

(哦，这很有趣！正如他们所说，我继续疯狂追逐，试图获取 Win32_SID 实例，它是一个单例和不能通过通常的 InstancesOf 或 Query 方法枚举...... yadda yadda yadda.)

(Ooh, this was a fun one! I went on a wild goose chase, as they say, trying to get the Win32_SID instance, which is a singleton and not enumerable by the usual InstancesOf or Query methods... yadda yadda yadda.)

好吧，这取决于您想要哪种计算机 SID(说真的！).有本地计算机自己使用的SID...为此，您只需获取本地Administrator用户的SID，并去掉末尾的-500"即可获得计算机的SID.

Well, it depends which computer SID you want (seriously!). There's the SID that the local computer uses for itself... For this, you just need to get the SID of the local Administrator user, and remove the "-500" from the end to get the computer's SID.

在 VBScript 中，它看起来像这样:

In VBScript, it looks like this:

strComputer = "AFAPC001"
strUsername = "Administrator"
Set objWMIService = GetObject("winmgmts:\" & strComputer & "
ootcimv2")
Set objAccount = objWMIService.Get("Win32_UserAccount.Name='" & strUsername & "',Domain='" & strComputer & "'")
WScript.Echo "Administrator account SID: " & objAccount.SID
WScript.Echo "Computer's SID: " & Left(objAccount.SID, Len(objAccount.SID) - 4)

在 PowerShell 中，像这样:

function get-sid
{
    Param ( $DSIdentity )
    $ID = new-object System.Security.Principal.NTAccount($DSIdentity)
    return $ID.Translate( [System.Security.Principal.SecurityIdentifier] ).toString()
}
> $admin = get-sid "Administrator"
> $admin.SubString(0, $admin.Length - 4)

在 .NET 3.5 上的 C# 中:

In C# on .NET 3.5:

using System;
using System.Security.Principal;
using System.DirectoryServices;
using System.Linq;
public static SecurityIdentifier GetComputerSid()
{
    return new SecurityIdentifier((byte[])new DirectoryEntry(string.Format("WinNT://{0},Computer", Environment.MachineName)).Children.Cast<DirectoryEntry>().First().InvokeGet("objectSID"), 0).AccountDomainSid;
}

所有这些结果与我从 PsGetSid.exe 得到的响应相匹配一>.

Results from all of these match the response I get from PsGetSid.exe.

另一方面，Active Directory 使用 SID 来标识每台域成员计算机...您可以通过获取域中计算机帐户的 SID 来获取该 SID — 以美元符号结尾的 SID.

On the other hand, there's the SID that Active Directory uses to identify each domain member computer... That one you fetch by getting the SID of the machine account in the domain--the one that ends with a dollar sign.

例如，对名为CLIENT"的域成员使用上述 PowerShell 函数，您可以键入 get-sid "CLIENT$".

E.g., using the above PowerShell function for a domain member called "CLIENT", you can type get-sid "CLIENT$".

这篇关于如何使用 WMI 检索 Windows 计算机的 SID?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！