Discussion:
Get access token information using vbscript ?
Vilius Mockûnas
2009-08-15 10:42:59 UTC
Hello,

Is it possible to get access token information using vbscript ?

thanks
Vilius
Richard Mueller [MVP]
2009-08-16 17:46:22 UTC
Post by Vilius Mockûnas
Hello,
Is it possible to get access token information using vbscript ?
thanks
Vilius
Most of the information in the access token provided to a user when they
authenticate is identical to the information you get when you retrieve the
value of the tokenGroups attribute of the user object. This is an
operational attribute, meaning the values are constructed by AD upon
request. It is a multi-valued array of security group SIDs. Each SID value
is itself a byte array. An example for the current user could be:
===========
Option Explicit
Dim objADInfo, strCurrentDN, objCurrentUser
Dim varTokenGroups, lngIdx, arrstrSIDHex()
Dim strOneSID

' Bind to the directory object of the user running the script.
Set objADInfo = CreateObject("ADSystemInfo")
strCurrentDN = objADInfo.UserName
Set objCurrentUser = GetObject("LDAP://" & strCurrentDN)

' Ask for tokenGroups explicitly, then read it back.
' NOTE(review): this is the directory's list of group SIDs for the account,
' not the live logon token; presumably privileges and machine-local group
' memberships are not reflected here - confirm before using it in an
' access review.
objCurrentUser.GetInfoEx Array("tokenGroups"), 0
varTokenGroups = objCurrentUser.Get("tokenGroups")

' Build the array of hex strings. Nothing is built when UBound is -1.
If (UBound(varTokenGroups) <> -1) Then
    If (TypeName(varTokenGroups) = "Byte()") Then
        ' A single SID comes back as one byte array rather than an array of them.
        ReDim arrstrSIDHex(0)
        arrstrSIDHex(0) = OctetToHexStr(varTokenGroups)
    Else
        ' Several SIDs: one byte array per element.
        ReDim arrstrSIDHex(UBound(varTokenGroups))
        For lngIdx = 0 To UBound(varTokenGroups)
            arrstrSIDHex(lngIdx) = OctetToHexStr(varTokenGroups(lngIdx))
        Next
    End If
End If

' Print each SID twice: raw hex first, then the decimal string form.
For Each strOneSID In arrstrSIDHex
    Wscript.Echo strOneSID
    Wscript.Echo HexSIDToDec(strOneSID)
Next

Function OctetToHexStr(ByVal arrbytOctet)
    ' Render an OctetString (byte array) as a hex string,
    ' two zero-padded hex digits per byte, in byte order.
    Dim lngPos, strByteHex, strOut

    strOut = ""
    lngPos = 1
    Do While lngPos <= LenB(arrbytOctet)
        strByteHex = Hex(AscB(MidB(arrbytOctet, lngPos, 1)))
        ' Hex() drops the leading zero for values below 16.
        If Len(strByteHex) < 2 Then strByteHex = "0" & strByteHex
        strOut = strOut & strByteHex
        lngPos = lngPos + 1
    Loop

    OctetToHexStr = strOut
End Function

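Function HexSIDToDec(ByVal strSID)
    ' Convert a binary SID, given as a hex string (two hex digits per byte),
    ' to its decimal string form "S-<revision>-<authority>-<sub>-<sub>...".
    '
    ' Binary SID layout:
    '   byte 0      revision
    '   byte 1      number of sub-authorities (N)
    '   bytes 2-7   identifier authority, 48-bit big-endian
    '   bytes 8..   N sub-authorities, each 32-bit little-endian
    '
    ' The earlier version of this function printed byte 1 (the sub-authority
    ' count) in the authority position, used one byte of the first
    ' sub-authority and two bytes of the last one. It was right only when the
    ' count happened to equal the authority, so BUILTIN\Administrators came
    ' out as S-1-2-32-544 and RIDs above 65535 were truncated. A wrong SID in
    ' a group-membership report can hide or misattribute access.
    '
    ' Raises error 5 (Invalid procedure call or argument) when the string is
    ' too short, has an odd length, or its length does not match the
    ' sub-authority count in byte 1.

    Dim arrbytSID, lngByteCount, lngSubCount, dblValue, strResult, j, k

    If (Len(strSID) < 16) Or (Len(strSID) Mod 2 <> 0) Then
        Err.Raise 5, "HexSIDToDec", "Malformed SID: " & strSID
    End If

    lngByteCount = Len(strSID) \ 2
    ReDim arrbytSID(lngByteCount - 1)
    For j = 0 To lngByteCount - 1
        arrbytSID(j) = CLng("&H" & Mid(strSID, 2 * j + 1, 2))
    Next

    lngSubCount = arrbytSID(1)
    If lngByteCount <> 8 + 4 * lngSubCount Then
        Err.Raise 5, "HexSIDToDec", "SID length does not match sub-authority count: " & strSID
    End If

    ' Identifier authority: most significant byte first.
    ' Doubles are used because the values can exceed the Long range.
    dblValue = CDbl(0)
    For j = 2 To 7
        dblValue = dblValue * 256 + arrbytSID(j)
    Next
    strResult = "S-" & arrbytSID(0) & "-" & CStr(dblValue)

    ' Sub-authorities: least significant byte first, so walk each group of
    ' four bytes from its last byte down to its first.
    For j = 0 To lngSubCount - 1
        dblValue = CDbl(0)
        For k = 3 To 0 Step -1
            dblValue = dblValue * 256 + arrbytSID(8 + 4 * j + k)
        Next
        strResult = strResult & "-" & CStr(dblValue)
    Next

    HexSIDToDec = strResult
End Function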
PaulM
2009-08-16 17:55:29 UTC
Not sure right now, maybe someone else would know.
Post by Richard Mueller [MVP]
Post by Vilius Mockûnas
Hello,
Is it possible to get access token information using vbscript ?
thanks
Vilius
Most of the information in the access token provided to a user when they
authenticate is identical to the information you get when you retrieve the
value of the tokenGroups attribute of the user object. This is an
operational attribute, meaning the values are constructed by AD upon
request. It is a multi-valued array of security group SID's. Each SID
===========
Option Explicit
Dim objADInfo, strCurrentDN, objCurrentUser
Dim varTokenGroups, lngIdx, arrstrSIDHex()
Dim strOneSID

' Bind to the directory object of the user running the script.
Set objADInfo = CreateObject("ADSystemInfo")
strCurrentDN = objADInfo.UserName
Set objCurrentUser = GetObject("LDAP://" & strCurrentDN)

' Ask for tokenGroups explicitly, then read it back.
' NOTE(review): this is the directory's list of group SIDs for the account,
' not the live logon token; presumably privileges and machine-local group
' memberships are not reflected here - confirm before using it in an
' access review.
objCurrentUser.GetInfoEx Array("tokenGroups"), 0
varTokenGroups = objCurrentUser.Get("tokenGroups")

' Build the array of hex strings. Nothing is built when UBound is -1.
If (UBound(varTokenGroups) <> -1) Then
    If (TypeName(varTokenGroups) = "Byte()") Then
        ' A single SID comes back as one byte array rather than an array of them.
        ReDim arrstrSIDHex(0)
        arrstrSIDHex(0) = OctetToHexStr(varTokenGroups)
    Else
        ' Several SIDs: one byte array per element.
        ReDim arrstrSIDHex(UBound(varTokenGroups))
        For lngIdx = 0 To UBound(varTokenGroups)
            arrstrSIDHex(lngIdx) = OctetToHexStr(varTokenGroups(lngIdx))
        Next
    End If
End If

' Print each SID twice: raw hex first, then the decimal string form.
For Each strOneSID In arrstrSIDHex
    Wscript.Echo strOneSID
    Wscript.Echo HexSIDToDec(strOneSID)
Next
Function OctetToHexStr(ByVal arrbytOctet)
    ' Render an OctetString (byte array) as a hex string,
    ' two zero-padded hex digits per byte, in byte order.
    Dim lngPos, strByteHex, strOut

    strOut = ""
    lngPos = 1
    Do While lngPos <= LenB(arrbytOctet)
        strByteHex = Hex(AscB(MidB(arrbytOctet, lngPos, 1)))
        ' Hex() drops the leading zero for values below 16.
        If Len(strByteHex) < 2 Then strByteHex = "0" & strByteHex
        strOut = strOut & strByteHex
        lngPos = lngPos + 1
    Loop

    OctetToHexStr = strOut
End Function
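Function HexSIDToDec(ByVal strSID)
    ' Convert a binary SID, given as a hex string (two hex digits per byte),
    ' to its decimal string form "S-<revision>-<authority>-<sub>-<sub>...".
    '
    ' Binary SID layout:
    '   byte 0      revision
    '   byte 1      number of sub-authorities (N)
    '   bytes 2-7   identifier authority, 48-bit big-endian
    '   bytes 8..   N sub-authorities, each 32-bit little-endian
    '
    ' The earlier version of this function printed byte 1 (the sub-authority
    ' count) in the authority position, used one byte of the first
    ' sub-authority and two bytes of the last one. It was right only when the
    ' count happened to equal the authority, so BUILTIN\Administrators came
    ' out as S-1-2-32-544 and RIDs above 65535 were truncated. A wrong SID in
    ' a group-membership report can hide or misattribute access.
    '
    ' Raises error 5 (Invalid procedure call or argument) when the string is
    ' too short, has an odd length, or its length does not match the
    ' sub-authority count in byte 1.

    Dim arrbytSID, lngByteCount, lngSubCount, dblValue, strResult, j, k

    If (Len(strSID) < 16) Or (Len(strSID) Mod 2 <> 0) Then
        Err.Raise 5, "HexSIDToDec", "Malformed SID: " & strSID
    End If

    lngByteCount = Len(strSID) \ 2
    ReDim arrbytSID(lngByteCount - 1)
    For j = 0 To lngByteCount - 1
        arrbytSID(j) = CLng("&H" & Mid(strSID, 2 * j + 1, 2))
    Next

    lngSubCount = arrbytSID(1)
    If lngByteCount <> 8 + 4 * lngSubCount Then
        Err.Raise 5, "HexSIDToDec", "SID length does not match sub-authority count: " & strSID
    End If

    ' Identifier authority: most significant byte first.
    ' Doubles are used because the values can exceed the Long range.
    dblValue = CDbl(0)
    For j = 2 To 7
        dblValue = dblValue * 256 + arrbytSID(j)
    Next
    strResult = "S-" & arrbytSID(0) & "-" & CStr(dblValue)

    ' Sub-authorities: least significant byte first, so walk each group of
    ' four bytes from its last byte down to its first.
    For j = 0 To lngSubCount - 1
        dblValue = CDbl(0)
        For k = 3 To 0 Step -1
            dblValue = dblValue * 256 + arrbytSID(8 + 4 * j + k)
        Next
        strResult = strResult & "-" & CStr(dblValue)
    Next

    HexSIDToDec = strResult
End Function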
Vilius Mockûnas
2009-08-16 20:00:16 UTC
Hello,

But this one only works for domain accounts ?

V
Post by Richard Mueller [MVP]
Post by Vilius Mockûnas
Hello,
Is it possible to get access token information using vbscript ?
thanks
Vilius
Most of the information in the access token provided to a user when they
authenticate is identical to the information you get when you retrieve the
value of the tokenGroups attribute of the user object. This is an
operational attribute, meaning the values are constructed by AD upon
request. It is a multi-valued array of security group SID's. Each SID
===========
Option Explicit
Dim objADInfo, strCurrentDN, objCurrentUser
Dim varTokenGroups, lngIdx, arrstrSIDHex()
Dim strOneSID

' Bind to the directory object of the user running the script.
Set objADInfo = CreateObject("ADSystemInfo")
strCurrentDN = objADInfo.UserName
Set objCurrentUser = GetObject("LDAP://" & strCurrentDN)

' Ask for tokenGroups explicitly, then read it back.
' NOTE(review): this is the directory's list of group SIDs for the account,
' not the live logon token; presumably privileges and machine-local group
' memberships are not reflected here - confirm before using it in an
' access review.
objCurrentUser.GetInfoEx Array("tokenGroups"), 0
varTokenGroups = objCurrentUser.Get("tokenGroups")

' Build the array of hex strings. Nothing is built when UBound is -1.
If (UBound(varTokenGroups) <> -1) Then
    If (TypeName(varTokenGroups) = "Byte()") Then
        ' A single SID comes back as one byte array rather than an array of them.
        ReDim arrstrSIDHex(0)
        arrstrSIDHex(0) = OctetToHexStr(varTokenGroups)
    Else
        ' Several SIDs: one byte array per element.
        ReDim arrstrSIDHex(UBound(varTokenGroups))
        For lngIdx = 0 To UBound(varTokenGroups)
            arrstrSIDHex(lngIdx) = OctetToHexStr(varTokenGroups(lngIdx))
        Next
    End If
End If

' Print each SID twice: raw hex first, then the decimal string form.
For Each strOneSID In arrstrSIDHex
    Wscript.Echo strOneSID
    Wscript.Echo HexSIDToDec(strOneSID)
Next
Function OctetToHexStr(ByVal arrbytOctet)
    ' Render an OctetString (byte array) as a hex string,
    ' two zero-padded hex digits per byte, in byte order.
    Dim lngPos, strByteHex, strOut

    strOut = ""
    lngPos = 1
    Do While lngPos <= LenB(arrbytOctet)
        strByteHex = Hex(AscB(MidB(arrbytOctet, lngPos, 1)))
        ' Hex() drops the leading zero for values below 16.
        If Len(strByteHex) < 2 Then strByteHex = "0" & strByteHex
        strOut = strOut & strByteHex
        lngPos = lngPos + 1
    Loop

    OctetToHexStr = strOut
End Function
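Function HexSIDToDec(ByVal strSID)
    ' Convert a binary SID, given as a hex string (two hex digits per byte),
    ' to its decimal string form "S-<revision>-<authority>-<sub>-<sub>...".
    '
    ' Binary SID layout:
    '   byte 0      revision
    '   byte 1      number of sub-authorities (N)
    '   bytes 2-7   identifier authority, 48-bit big-endian
    '   bytes 8..   N sub-authorities, each 32-bit little-endian
    '
    ' The earlier version of this function printed byte 1 (the sub-authority
    ' count) in the authority position, used one byte of the first
    ' sub-authority and two bytes of the last one. It was right only when the
    ' count happened to equal the authority, so BUILTIN\Administrators came
    ' out as S-1-2-32-544 and RIDs above 65535 were truncated. A wrong SID in
    ' a group-membership report can hide or misattribute access.
    '
    ' Raises error 5 (Invalid procedure call or argument) when the string is
    ' too short, has an odd length, or its length does not match the
    ' sub-authority count in byte 1.

    Dim arrbytSID, lngByteCount, lngSubCount, dblValue, strResult, j, k

    If (Len(strSID) < 16) Or (Len(strSID) Mod 2 <> 0) Then
        Err.Raise 5, "HexSIDToDec", "Malformed SID: " & strSID
    End If

    lngByteCount = Len(strSID) \ 2
    ReDim arrbytSID(lngByteCount - 1)
    For j = 0 To lngByteCount - 1
        arrbytSID(j) = CLng("&H" & Mid(strSID, 2 * j + 1, 2))
    Next

    lngSubCount = arrbytSID(1)
    If lngByteCount <> 8 + 4 * lngSubCount Then
        Err.Raise 5, "HexSIDToDec", "SID length does not match sub-authority count: " & strSID
    End If

    ' Identifier authority: most significant byte first.
    ' Doubles are used because the values can exceed the Long range.
    dblValue = CDbl(0)
    For j = 2 To 7
        dblValue = dblValue * 256 + arrbytSID(j)
    Next
    strResult = "S-" & arrbytSID(0) & "-" & CStr(dblValue)

    ' Sub-authorities: least significant byte first, so walk each group of
    ' four bytes from its last byte down to its first.
    For j = 0 To lngSubCount - 1
        dblValue = CDbl(0)
        For k = 3 To 0 Step -1
            dblValue = dblValue * 256 + arrbytSID(8 + 4 * j + k)
        Next
        strResult = strResult & "-" & CStr(dblValue)
    Next

    HexSIDToDec = strResult
End Function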
Richard Mueller [MVP]
2009-08-16 20:12:07 UTC
Yes, this only applies to domain accounts. For local accounts you can bind
with the WinNT provider and retrieve the objectSID attribute and treat it
the same way, as a single-valued SID value, which is a byte array, and
convert to hex or decimal format. But I know of no way to retrieve the
equivalent of tokenGroups.
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Post by Vilius Mockûnas
Hello,
But this one only works for domain accounts ?
V
Post by Richard Mueller [MVP]
Post by Vilius Mockûnas
Hello,
Is it possible to get access token information using vbscript ?
thanks
Vilius
Most of the information in the access token provided to a user when they
authenticate is identical to the information you get when you retrieve
the value of the tokenGroups attribute of the user object. This is an
operational attribute, meaning the values are constructed by AD upon
request. It is a multi-valued array of security group SID's. Each SID
===========
Option Explicit
Dim objADInfo, strCurrentDN, objCurrentUser
Dim varTokenGroups, lngIdx, arrstrSIDHex()
Dim strOneSID

' Bind to the directory object of the user running the script.
Set objADInfo = CreateObject("ADSystemInfo")
strCurrentDN = objADInfo.UserName
Set objCurrentUser = GetObject("LDAP://" & strCurrentDN)

' Ask for tokenGroups explicitly, then read it back.
' NOTE(review): this is the directory's list of group SIDs for the account,
' not the live logon token; presumably privileges and machine-local group
' memberships are not reflected here - confirm before using it in an
' access review.
objCurrentUser.GetInfoEx Array("tokenGroups"), 0
varTokenGroups = objCurrentUser.Get("tokenGroups")

' Build the array of hex strings. Nothing is built when UBound is -1.
If (UBound(varTokenGroups) <> -1) Then
    If (TypeName(varTokenGroups) = "Byte()") Then
        ' A single SID comes back as one byte array rather than an array of them.
        ReDim arrstrSIDHex(0)
        arrstrSIDHex(0) = OctetToHexStr(varTokenGroups)
    Else
        ' Several SIDs: one byte array per element.
        ReDim arrstrSIDHex(UBound(varTokenGroups))
        For lngIdx = 0 To UBound(varTokenGroups)
            arrstrSIDHex(lngIdx) = OctetToHexStr(varTokenGroups(lngIdx))
        Next
    End If
End If

' Print each SID twice: raw hex first, then the decimal string form.
For Each strOneSID In arrstrSIDHex
    Wscript.Echo strOneSID
    Wscript.Echo HexSIDToDec(strOneSID)
Next
Function OctetToHexStr(ByVal arrbytOctet)
    ' Render an OctetString (byte array) as a hex string,
    ' two zero-padded hex digits per byte, in byte order.
    Dim lngPos, strByteHex, strOut

    strOut = ""
    lngPos = 1
    Do While lngPos <= LenB(arrbytOctet)
        strByteHex = Hex(AscB(MidB(arrbytOctet, lngPos, 1)))
        ' Hex() drops the leading zero for values below 16.
        If Len(strByteHex) < 2 Then strByteHex = "0" & strByteHex
        strOut = strOut & strByteHex
        lngPos = lngPos + 1
    Loop

    OctetToHexStr = strOut
End Function
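Function HexSIDToDec(ByVal strSID)
    ' Convert a binary SID, given as a hex string (two hex digits per byte),
    ' to its decimal string form "S-<revision>-<authority>-<sub>-<sub>...".
    '
    ' Binary SID layout:
    '   byte 0      revision
    '   byte 1      number of sub-authorities (N)
    '   bytes 2-7   identifier authority, 48-bit big-endian
    '   bytes 8..   N sub-authorities, each 32-bit little-endian
    '
    ' The earlier version of this function printed byte 1 (the sub-authority
    ' count) in the authority position, used one byte of the first
    ' sub-authority and two bytes of the last one. It was right only when the
    ' count happened to equal the authority, so BUILTIN\Administrators came
    ' out as S-1-2-32-544 and RIDs above 65535 were truncated. A wrong SID in
    ' a group-membership report can hide or misattribute access.
    '
    ' Raises error 5 (Invalid procedure call or argument) when the string is
    ' too short, has an odd length, or its length does not match the
    ' sub-authority count in byte 1.

    Dim arrbytSID, lngByteCount, lngSubCount, dblValue, strResult, j, k

    If (Len(strSID) < 16) Or (Len(strSID) Mod 2 <> 0) Then
        Err.Raise 5, "HexSIDToDec", "Malformed SID: " & strSID
    End If

    lngByteCount = Len(strSID) \ 2
    ReDim arrbytSID(lngByteCount - 1)
    For j = 0 To lngByteCount - 1
        arrbytSID(j) = CLng("&H" & Mid(strSID, 2 * j + 1, 2))
    Next

    lngSubCount = arrbytSID(1)
    If lngByteCount <> 8 + 4 * lngSubCount Then
        Err.Raise 5, "HexSIDToDec", "SID length does not match sub-authority count: " & strSID
    End If

    ' Identifier authority: most significant byte first.
    ' Doubles are used because the values can exceed the Long range.
    dblValue = CDbl(0)
    For j = 2 To 7
        dblValue = dblValue * 256 + arrbytSID(j)
    Next
    strResult = "S-" & arrbytSID(0) & "-" & CStr(dblValue)

    ' Sub-authorities: least significant byte first, so walk each group of
    ' four bytes from its last byte down to its first.
    For j = 0 To lngSubCount - 1
        dblValue = CDbl(0)
        For k = 3 To 0 Step -1
            dblValue = dblValue * 256 + arrbytSID(8 + 4 * j + k)
        Next
        strResult = strResult & "-" & CStr(dblValue)
    Next

    HexSIDToDec = strResult
End Function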