Convert SID's to usernames/groups?

tempid picture tempid · Dec 15, 2010 · Viewed 7.8k times · Source

I'm looping through a network directory and trying to output the user/group names (permissions) associated with each file/folder. I'm getting the SID's back but I want the names like "group_test" and not "S-1-5-32-544". Here's my code -

var files = Directory.GetFiles(path, "*.*", SearchOption.TopDirectoryOnly);

                foreach (var f in files2)
                {
                    var fileInfo = new FileInfo(f);
                    var fs = fileInfo.GetAccessControl(AccessControlSections.Access);

                    foreach (FileSystemAccessRule rule in fs.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
                    {
                        var value = rule.IdentityReference.Value;
                        Response.Write(string.Format("File: {0} \t Usergroup: {1} <br/>", fileInfo.Name, value));
                    }  }

I get SID's from the above code but in the foreach loop, if I use this instead -

(NTAccount)((SecurityIdentifier)rule.IdentityReference).Translate(typeof(NTAccount)).Value

I get this exception - Some or all identity references could not be translated.

It appears that the Translate method does not work on remote shares. How do I retrieve the real names of the SID's? The remote server does not have LDAP.

Thank you.

Answer

nabrond picture nabrond · Dec 15, 2010

The problem is that you are trying to resolve a SID that is local to a remote machine. As the answer to this question states:

The SecurityReference object's Translate method does work on non-local SIDs but only for domain accounts...

This link provides an example for remotely resolving a SID using WMI which is probably the best method for accomplishing your task.