active directory - AD returns Objectsid as String and SecurityIdentifier is failing interprete this -

usually ad returns 'objectsid' byte[]. type cast value returned ad in byte[]. procedure worked against several ad not in 1 case. in ad environment, following exception.

exception: unable cast object of type 'system.string' type 'system.byte[]'. (system.invalidcastexception)

to debug started checking data-type of value returned ad, , system.string not byte[]. printed string , garbage. passed string securityidentifier() , got exception again.

exception: value invalid. parameter name: sddlform (system.argumentexception)

code:

//using system.directoryservices.protocols objects object s = objsrec[k1].attributes[(string)obj3.current][0]; string x = s.gettype().fullname;  if (x.tolower() == "system.byte[]") {   byte[] bsid = ((byte[])s);   if (bsid != null)   {     securityidentifier sid = new securityidentifier(bsid, 0);      string objectsid = sid.value;   } } else if (x.tolower() == "system.string") {   securityidentifier sid = new securityidentifier((string)s); //ssdl excception   string objectsid = sid.value; } 

this first time seeing ad return string data objectsid. have run code against many ad servers. planning check data-type of objectsid in ad schema.

do 1 come across behavior? should call win32 api convertbytetostringsid()?

thanks ramesh

sorry reviving graveyard post, had same issue year or ago, managed find out why , figured i'd @ least share reason behind behavior.

when using system.directoryservices.protocols namespace, attribute values should either a) byte array, or b) utf-8 string. thing is, developers @ microsoft figured should people returning string when byte array returned underlying ldap api can formatted one, , byte array when utf-8 conversion fails. however, true indexer of directoryattribute class, , not iterator (which returns byte array) or getvalues method.

the safest way byte array when want sid is, mentioned others, getvalues method.