I have created a PHP script that will query an LDAP server, look at a list of Groups, and then get the Members array for each Group and dump the results into a MySQL database. This all works great, but sometimes I get a Foreign Security Principal instead of a User. The whole point of this exercise is to convert this list of Members into a readable list for non-IT people, so ideally I need First Name, Last Name and, if possible, Username. However, the Foreign Security Principal is just a string of numbers.
We have about 80+ different trusted domains that it could have come from, so how can I work out what domain this foreign account belongs to, and also an attribute that I can use to search that other domain for the User?
The string of numbers should be the user’s SID (e.g. S-1-5-…). This is the attribute you would use to search.
The first part of the SID is the domain’s SID, e.g. S-1-5-21-1234567890-1234567890-1234567890. You should enumerate the domain’s trusts, and find the domain with that SID.
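An added example illustrating the answer's two steps (it is neither the asker's script nor the answerer's code, and is in Python rather than PHP so it runs stand-alone): decode the binary objectSid / securityIdentifier values AD returns, split the FSP's SID into domain SID and RID, match the domain SID against a map built from the trustedDomain objects' securityIdentifier and trustPartner attributes, and build the byte-escaped objectSid filter for the search in that domain. The trust map and the FSP value are constructed sample data; the same steps port directly to PHP's ldap_* functions.

```python
import struct

def sid_bytes_to_string(blob: bytes) -> str:
    """Decode the binary objectSid / securityIdentifier value AD returns."""
    revision, count = blob[0], blob[1]
    authority = int.from_bytes(blob[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, blob, 8)     # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def sid_string_to_bytes(sid: str) -> bytes:
    """Inverse of sid_bytes_to_string; objectSid is matched as bytes, not text."""
    parts = sid.split("-")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(s.to_bytes(4, "little") for s in subs))

def domain_sid_and_rid(sid: str):
    """Split S-1-5-21-<d1>-<d2>-<d3>-<rid>; None for well-known/non-domain SIDs."""
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return None
    return "-".join(parts[:7]), int(parts[7])

def object_sid_filter(sid: str) -> str:
    """RFC 4515 filter for a binary objectSid: every byte escaped as \\XX."""
    return "(objectSid=" + "".join("\\%02x" % b for b in sid_string_to_bytes(sid)) + ")"

def resolve_fsp(fsp_cn: str, trusts: dict):
    """Map an FSP's cn (its SID) to (trusted domain DNS name, LDAP filter) or None."""
    # trusts: {domain SID string: trustPartner}, built from the trustedDomain
    # objects under CN=System (securityIdentifier decoded with sid_bytes_to_string)
    split = domain_sid_and_rid(fsp_cn)
    if split is None:
        return None                      # e.g. S-1-5-11 "Authenticated Users"
    domain_sid, _rid = split
    partner = trusts.get(domain_sid)
    if partner is None:
        return None                      # SID prefix matches none of the trusts
    return partner, object_sid_filter(fsp_cn)

# Constructed sample data: the answer's example domain SID, a RID, one trust entry.
TRUSTS = {"S-1-5-21-1234567890-1234567890-1234567890": "corp.example"}
FSP_CN = "S-1-5-21-1234567890-1234567890-1234567890-1105"

if __name__ == "__main__":
    print(resolve_fsp(FSP_CN, TRUSTS))
```

Search the returned partner domain's catalog with the returned filter and read givenName, sn and sAMAccountName from the single matching user.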