You can use this code to resolve a Foreign Security Principal to its DOMAIN\username. The Foreign Security Principal object is really just the SID of the account. Pass the full distinguishedName of the ForeignSecurityPrincipal.
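using System;
using System.DirectoryServices;
using System.Security.Principal;

// Returns the account in "DOMAIN\logonname" syntax, or "Error" on failure.
static string GetUserNameOfFSP(string ForeignSecurityPrincipal)
{
    try
    {
        // Bind to the FSP object by its full distinguishedName.
        using (DirectoryEntry user = new DirectoryEntry("LDAP://" + ForeignSecurityPrincipal))
        {
            // The FSP's objectSid is the SID of the account it stands for.
            SecurityIdentifier sid = new SecurityIdentifier((byte[])user.InvokeGet("objectSid"), 0);
            NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));
            return account.ToString();
        }
    }
    catch (DirectoryServicesCOMException e) { Console.Write(e.Message); return "Error"; }
    // Translate throws this when the SID can no longer be mapped to an account.
    catch (IdentityNotMappedException e) { Console.Write(e.Message); return "Error"; }
}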
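Added example (not the original author's code): the same SID-to-NTAccount translation applied to every foreignSecurityPrincipal object under a domain, marking SIDs that no longer resolve so stale entries in group memberships stand out. The class name, method name and the domain DN argument are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.Principal;

static class FspAudit
{
    // domainDn is supplied by the caller, e.g. "DC=example,DC=com" (placeholder value).
    static void ListForeignSecurityPrincipals(string domainDn)
    {
        using (var root = new DirectoryEntry("LDAP://" + domainDn))
        using (var searcher = new DirectorySearcher(root,
                   "(objectClass=foreignSecurityPrincipal)",
                   new[] { "distinguishedName", "objectSid", "memberOf" }))
        {
            searcher.PageSize = 500; // paged search so large result sets are not truncated

            using (SearchResultCollection results = searcher.FindAll())
            {
                foreach (SearchResult r in results)
                {
                    var sid = new SecurityIdentifier((byte[])r.Properties["objectSid"][0], 0);
                    string name;
                    try
                    {
                        name = sid.Translate(typeof(NTAccount)).ToString();
                    }
                    catch (IdentityNotMappedException)
                    {
                        // The SID cannot be mapped to an account from this machine.
                        name = "<unresolved>";
                    }
                    // memberOf count shows how many groups still reference this FSP.
                    Console.WriteLine("{0}\t{1}\tgroups={2}\t{3}", sid.Value, name,
                        r.Properties["memberOf"].Count, r.Properties["distinguishedName"][0]);
                }
            }
        }
    }

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: FspAudit <domainDN>"); return 1; }
        ListForeignSecurityPrincipals(args[0]);
        return 0;
    }
}
```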
I have some foreignsecurityprincipals and need to find out their account names. Do I need to change anything on your script before running it???
You shouldn’t have to change anything.