Convert SID's to usernames/groups?

Question

I'm looping through a network directory and trying to output the user/group names (permissions) associated with each file/folder. I'm getting the SID's back but I want the names like "group_test" and not "S-1-5-32-544". Here's my code -

var files = Directory.GetFiles(path, "*.*", SearchOption.TopDirectoryOnly);

                foreach (var f in files2)
                {
                    var fileInfo = new FileInfo(f);
                    var fs = fileInfo.GetAccessControl(AccessControlSections.Access);

                    foreach (FileSystemAccessRule rule in fs.GetAccessRules(true, true, typeof(System.Security.Principal.NTAccount)))
                    {
                        var value = rule.IdentityReference.Value;
                        Response.Write(string.Format("File: {0} \t Usergroup: {1} <br/>", fileInfo.Name, value));
                    }  }

I get SID's from the above code but in the foreach loop, if I use this instead -

(NTAccount)((SecurityIdentifier)rule.IdentityReference).Translate(typeof(NTAccount)).Value

I get this exception - Some or all identity references could not be translated.

It appears that the Translate method does not work on remote shares. How do I retrieve the real names of the SID's? The remote server does not have LDAP.

Thank you.

Answer 1

The problem is that you are trying to resolve a SID that is local to a remote machine. As the answer to this question states:

The SecurityReference object's Translate method does work on non-local SIDs but only for domain accounts...

This link provides an example for remotely resolving a SID using WMI which is probably the best method for accomplishing your task.

Answer 2

If you can use WMI you should be able to do it via the Win32_UserAccount class I think. It has a Name property and a SID property.

Or the Win32_Group class for the groups.

Here's an article for connecting to a remote pc using WMI that has C# code: How To: Connect to a Remote Computer