I am enumerating members of groups in our Active Directory. This goes well until I come across users from another domain, who are referenced with DNs like CN=S-1-5-21-3579272529-3368358661-2280984729-14762,CN=ForeignSecurityPrincipals,DC=example,DC=com.

Typically, I look for a solution in VBScript and then translate that into the appropriate Python objects. So far, I can further resolve these by using win32com.client, then summoning up winmgmts, then requesting information via Win32_SID, like so:

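```python
import win32com.client

# SID taken from the CN of the foreign security principal entry
thissid = 'S-1-5-21-3579272529-3368358661-2280984729-14762'
# Connect to the local WMI service
wbem = win32com.client.GetObject(r'winmgmts:\\.\root\cimv2')
# Win32_SID resolves the SID to its domain and account name
objAccount = wbem.Get("Win32_SID.SID='" + thissid + "'")
print(objAccount.ReferencedDomainName + '\\' + objAccount.AccountName)
```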

Answers are returned in a 'OTHERDOMAIN\username' format. My plan is to somehow take this information and talk to the other Active Directory via LDAP, though I am unsure of what to do with a format like OTHERDOMAIN\username. I hope to take this information and wind up with details like full names.

Is there an easier way to do this which I have overlooked? Or one which is more standard, at least? My current approach seems ... clunky.
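
One way to turn these values into LDAP search filters for the other domain, as an added example that is not part of the original post: it pulls the SID out of the foreign security principal DN, encodes it in the binary layout stored in objectSid, and builds RFC 4515-escaped filters. The function names are hypothetical, and locating an LDAP server for OTHERDOMAIN is left to the caller.

```python
import re

# The CN of a ForeignSecurityPrincipals entry is the SID of the foreign account.
FSP_RE = re.compile(r'^CN=(S-1-\d+(?:-\d+)+),\s*CN=ForeignSecurityPrincipals,', re.I)

# Constructed sample DN, using the SID from the question.
SAMPLE_DN = ('CN=S-1-5-21-3579272529-3368358661-2280984729-14762,'
             'CN=ForeignSecurityPrincipals,DC=example,DC=com')


def sid_from_fsp_dn(dn):
    """Return the SID string from a foreign security principal DN, else None."""
    m = FSP_RE.match(dn.strip())
    return m.group(1) if m else None


def sid_to_bytes(sid):
    """Encode 'S-1-5-21-...' in the binary form held in the objectSid attribute."""
    parts = sid.split('-')
    if len(parts) < 4 or parts[0].upper() != 'S':
        raise ValueError('not a SID: %r' % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError('too many sub-authorities: %r' % sid)
    # revision, sub-authority count, 48-bit big-endian authority,
    # then each sub-authority as a 32-bit little-endian integer.
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, 'big')
            + b''.join(s.to_bytes(4, 'little') for s in subs))


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def filter_for_sid(sid):
    """Filter matching the account whose objectSid equals the given SID."""
    return '(objectSid=%s)' % ''.join('\\%02x' % b for b in sid_to_bytes(sid))


def filter_for_account(domain_user):
    """Split 'OTHERDOMAIN\\username' into (domain, sAMAccountName filter)."""
    domain, sep, user = domain_user.partition('\\')
    if not sep or not user:
        raise ValueError('expected DOMAIN\\user: %r' % domain_user)
    return domain, '(&(objectClass=user)(sAMAccountName=%s))' % escape_filter_value(user)
```

Either filter can be passed to an LDAP search against the other domain, requesting attributes such as displayName to get full names.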