VB.NET SID Binding to Convert SID to Account Name or Another Desired Object's Properties
Introduction
SID binding relieves the difficulty of using the API LookupAccountSid , in which you have to create a session for the domain controller the SID belongs to and to remove the same. Consider the scenario.
Scenario
You are accessing a domain controller, say Dc1 from client machine. A session is created for dc1 and process of converting SID to account name using LookupAccountSid is continuing, assume for a long time in the client machine. Using the session created for dc1, hackers may try to access the information. So to avoid this, here comes SID binding, in which SID to account name or other desired properties is taken in a secure manner.
SID binding
The process of binding with directory can also be done using the object's SID. Follow the syntax below to bind with directory and to retrieve required properties.
"LDAP://<SID=xxxxxxx...>"
Sample code
The sample VB code of SID binding using System.DirectoryServices.Directoryentry is as follows:
'Say domain controller name as DC1
' Retreive the desired property say commonname (cn)
Imports System.DirectoryServices
Sub Main()
' Here provide the domain controller name and SID
Dim strAdsPath as string= "LDAP://DC1/<;SID=xxxxxxx...>"
' provide username and password of DC1
Try
Dim dentry as New DirectoryEntry(strAdsPath,UserName,Password,AuthenticationType.Secure)
' check if the property is available
If dentry.Properties.contains("cn") Then
' any property can be retrived like objectGUID,description,firstname,lastname,displayname ..etc
Dim strCommonName as string= dentry.Properties("cn")(0)
Console.Writeline("The common name of the SID xxxxxxx... is " & strCommonName)
End If
Catch ex as exception
dentry.dispose() ' free up the resources occupied
End try
End Sub