Solved

Export ForeignSecurityPrincipals container foreign SIDs into readable name

Posted on 2009-04-09
9
1,513 Views
Last Modified: 2012-05-06
Hi

Anyone know if there is a script where you can export the foreign SID in the ForeignSecurityPrincipals container and at the same time to dump the MemberOf of those SIDs to a file.
The memberof should be the group in our domain where the user SID a member of.

Cheers
Bry
0
Comment
Question by:bryan oakley-wiggins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 

Author Comment

by:bryan oakley-wiggins
ID: 24106047
I am currently using this bit of code (thanks to Americom) on a single SID

On Error Resume Next
 
Set objGroup = GetObject _
  ("LDAP://CN=S-1-5-21-57989841-1972579041-682003330-365065,CN=ForeignSecurityPrincipals,DC=company,DC=co,DC=uk")
objGroup.GetInfo
 
arrMemberOf = objGroup.GetEx("memberOf")
 
WScript.Echo "I'm a member of:"
For Each strMember in arrMemberOf
  WScript.echo strMember
Next


I would like to target the whole container and exoort to .csv or similar.

Cheers
Bry
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24106234
I'll try and test later but give adfind by MVP Joe Richards a try
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -fsps objectsid memberof -csv >  c:\FSPDump.csv
See if that FSPDump.csv file on your C drive is what you need.
 Thanks
Mike
 
0
 

Author Comment

by:bryan oakley-wiggins
ID: 24107531
Hi mkline71

that's awesome..! Thanks very much for that bit of info :-)

I will research but off the top of your head, would you happen to know how I may <sidtoname> in the adfind process and have the .csv populated with the 'friendly' names?

Again, many thanks for your reply.
Cheers
Bry

0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 24109023
I'll try and test later when I get home, I'll let you know.
Thanks
Mike
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 24117565
Just add in the field you want to output as well such as displayname or name.

adfind -fsps displayname name objectsid memberof -csv >  c:\FSPDump.csv
0
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 24117659

adfind displayname name objectsid memberof -csv > dumpfile.csv
 
Not sure what the -fsps switches are but didn't work for me.

Open in new window

0
 

Author Comment

by:bryan oakley-wiggins
ID: 24175286
Hi darkstar3d

thanks for your response - Apologies for delay in getting back, been out of the office.
I'll be back in on Monday to try further tests and update.

Cheers
Bry
0
 

Author Closing Comment

by:bryan oakley-wiggins
ID: 31568459
hi

What I done to dump out the friendly name is the following:
adfind -sc fspdmp objectsid memberof -csv > c:\dumpfile2.csv

Works for me now

I'll award points to MKLINE71 as this was the pointer that got me the solution and was pretty much close..!.

Thanks also to darkstar3d for the response - Much appreciated.

Cheers
Bry
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24217809
Man good call, I should have gotten
-sc fspdmp
Joe has so many shortcuts that it is hard to keep track sometimes :)
Thanks
Mike
http://adisfun.blogspot.com/
 
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question