DOCUMENT:Q177077 10-AUG-2001 [winnt] TITLE :How to Produce a List of Users and SIDs PRODUCT :Microsoft Windows NT PROD/VER:WINDOWS:2000; winnt:3.5,3.51,4.0 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Workstation versions 3.5, 3.51, 4.0 - Microsoft Windows NT Server versions 3.5, 3.51, 4.0 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Professional ------------------------------------------------------------------------------- SUMMARY ======= This article describes how to produce a sorted list of Windows NT user names and their corresponding Security Identifiers (SIDs). MORE INFORMATION ================ The following example will show you how to create a text file that contains each Windows NT Domain User listed with the corresponding SID. The solution outlined in this article uses the following utilities contained in the Windows NT 4.0 Server Resource Kit: Global.exe and Getsid.exe. 1. Make sure that the Global.exe and Getsid.exe utilities are installed on the computer running Windows NT and are accessible through the system's PATH variable. 2. Create a directory on the computer running Windows NT that has read/write permissions assigned to the user account you are logging in with. 3. Create the Listsid.bat, Listsid2.bat, Listsid3.bat, Cleanup.bat and Verify.bat files listed in this article. Create these files in the directory created in Step 2 above. 4. Execute the Listsid.bat file at an MS-DOS command prompt. The command has the following syntax: "LISTSID " (without the quotation marks) For Example: LISTSID MyDomain MyPDC 5. Examine the contents of Usersids.txt. Note: These series of batch files were designed to understand a username that can contain as many as three parts separated by spaces. For example, the following name is valid: Joe B. Admin The following name would not be valid: Joe B. Admin II The three batch files could be modified to support names if necessary. NOTE: The lines in Listsid.bat and Listsid2.bat that begin with "for /F" are wrapped for readibility. If these lines are not corrected before running, the batch jobs will not work. Listsid.bat ----------- echo off cls IF (%1)==() GOTO NoParams IF (%2)==() GOTO NoParams if exist usersids.txt del usersids.txt if exist domusers.txt del domusers.txt if exist domusers.tmp del domusers.tmp echo Creating list of users in %1. global "domain users" %1 > domusers.txt echo Removing machine names from list. for /F "tokens=1,2,3" %%a in (domusers.txt) do call cleanup.bat %%a %%b %%c del domusers.txt ren domusers.tmp domusers.txt echo Getting SIDs from PDC. for /F "tokens=1,2,3" %%a in (domusers.txt) do call listsid2.bat %2 %%a %%b %%c echo Sorting List. Please wait... sort /+1 < usersids.txt > sortsids.txt echo -------------------------------------------- del usersids.txt ren sortsids.txt USERSIDS.TXT echo Done! Outfile file is called: USERSIDS.TXT echo -------------------------------------------- goto Bottom :NoParams Echo usage: LISTSID [Domain Name] [PDC Name] Echo. Echo i.e. - LISTSID RESEARCHDOMAIN RESEARCHPDC Echo. :Bottom Listsid2.bat ------------ if exist user.txt del user.txt if not (%4) == () goto ThreeName if not (%3) == () goto TwoName getsid \\%1 %2 \\%1 %2 > user.txt for /F "skip=2 tokens=7" %%a in (user.txt) do call listsid3.bat %%a %2 goto Bottom2 :TwoName getsid \\%1 "%2 %3" \\%1 "%2 %3" > user.txt for /F "skip=2 tokens=8" %%a in (user.txt) do call listsid3.bat %%a %2 %3 goto Bottom2 :ThreeName getsid \\%1 "%2 %3 %4" \\%1 "%2 %3 %4" > user.txt for /F "skip=2 tokens=9" %%a in (user.txt) do call listsid3.bat %%a %2 %3 %4 goto Bottom2 :Bottom2 Listsid3.bat ------------ echo Now working on: %2 %3 %4 if not (%4) == () goto ThreeName if not (%3) == () goto TwoName echo %2 %1 >> usersids.txt Goto Bottom3 :TwoName echo %2 %3 %1 >> usersids.txt Goto Bottom3 :ThreeName echo %2 %3 %4 %1 >> usersids.txt :Bottom3 Cleanup.bat ----------- if exist onename.txt del onename.txt echo %1 > onename.txt for /F "delims=$ tokens=1" %%a in (onename.txt) do call verify.bat %%a %1 Verify.bat ---------- if (%1)==(%2) echo %1 >> domusers.tmp Additional query words: getsid username list sid ====================================================================== Keywords : Technology : kbWinNTsearch kbWinNTWsearch kbWinNTW400 kbWinNTW400search kbWinNT351search kbWinNT350search kbWinNT400search kbWinNTW350 kbWinNTW350search kbWinNTW351search kbWinNTW351 kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Serv kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbWinNTS351 kbWinNTS350 kbwin2000ServSearch kbwin2000Search kbwin2000ProSearch kbwin2000Pro kbWinNTS351search kbWinNTS350search kbWinAdvServSearch Version : WINDOWS:2000; winnt:3.5,3.51,4.0 Hardware : x86 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.