Solved

Export ForeignSecurityPrincipals container foreign SIDs into readable name

Posted on 2009-04-09
Last Modified: 2012-05-06
Hi

Does anyone know if there is a script that can export the foreign SIDs in the ForeignSecurityPrincipals container and at the same time dump the MemberOf of those SIDs to a file?
The MemberOf should be the groups in our domain that the user SID is a member of.

Cheers
Bry
Question by:BryanOakley
9 Comments
 

Author Comment

by:BryanOakley
ID: 24106047
I am currently using this bit of code (thanks to Americom) on a single SID

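' Continue past run-time errors (for example, an FSP with no memberOf values)
On Error Resume Next

' Bind to one foreign security principal by its SID-named CN
Set objGroup = GetObject _
  ("LDAP://CN=S-1-5-21-57989841-1972579041-682003330-365065,CN=ForeignSecurityPrincipals,DC=company,DC=co,DC=uk")
objGroup.GetInfo

' memberOf holds the DNs of the local-domain groups this SID belongs to
arrMemberOf = objGroup.GetEx("memberOf")

WScript.Echo "I'm a member of:"
For Each strMember in arrMemberOf
  WScript.Echo strMember
Next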


I would like to target the whole container and export to .csv or similar.

Cheers
Bry
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24106234
I'll try and test later but give adfind by MVP Joe Richards a try
http://www.joeware.net/freetools/tools/adfind/index.htm
adfind -fsps objectsid memberof -csv >  c:\FSPDump.csv
See if that FSPDump.csv file on your C drive is what you need.
 Thanks
Mike
 
 

Author Comment

by:BryanOakley
ID: 24107531
Hi mkline71

that's awesome..! Thanks very much for that bit of info :-)

I will research but off the top of your head, would you happen to know how I may <sidtoname> in the adfind process and have the .csv populated with the 'friendly' names?

Again, many thanks for your reply.
Cheers
Bry

LVL 57

Expert Comment

by:Mike Kline
ID: 24109023
I'll try and test later when I get home, I'll let you know.
Thanks
Mike
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 24117565
Just add in the field you want to output as well such as displayname or name.

adfind -fsps displayname name objectsid memberof -csv >  c:\FSPDump.csv
 
LVL 23

Expert Comment

by:Stacy Spear
ID: 24117659

adfind displayname name objectsid memberof -csv > dumpfile.csv
 
Not sure what the -fsps switches are but didn't work for me.

 

Author Comment

by:BryanOakley
ID: 24175286
Hi darkstar3d

thanks for your response - Apologies for delay in getting back, been out of the office.
I'll be back in on Monday to try further tests and update.

Cheers
Bry
 

Author Closing Comment

by:BryanOakley
ID: 31568459
hi

What I did to dump out the friendly name is the following:
adfind -sc fspdmp objectsid memberof -csv > c:\dumpfile2.csv

Works for me now

I'll award points to MKLINE71 as this was the pointer that got me the solution and was pretty much close!

Thanks also to darkstar3d for the response - Much appreciated.

Cheers
Bry
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24217809
Man good call, I should have gotten
-sc fspdmp
Joe has so many shortcuts that it is hard to keep track sometimes :)
Thanks
Mike
http://adisfun.blogspot.com/
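
The whole-container export asked for at the top of this thread can also be scripted without adfind. The PowerShell below is an added example, not code from any poster in the thread: it resolves each foreign SID to a name, writes one CSV row per group membership, and flags SIDs that no longer resolve (a deleted account or a removed trust) but still sit in local groups. It assumes the ActiveDirectory (RSAT) module, a domain-joined session that can reach the trusted domains, and a constructed output path.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module and a domain-joined session.
Import-Module ActiveDirectory

$fspBase = "CN=ForeignSecurityPrincipals,$((Get-ADDomain).DistinguishedName)"
$outFile = 'C:\FSPDump-resolved.csv'   # constructed output path

$rows = Get-ADObject -SearchBase $fspBase -SearchScope OneLevel `
        -LDAPFilter '(objectClass=foreignSecurityPrincipal)' `
        -Properties objectSid, memberOf |
    ForEach-Object {
        $fsp = $_
        $sid = $fsp.objectSid
        try {
            # Map the SID to DOMAIN\name (needs the trusted domain to answer).
            $name   = $sid.Translate([System.Security.Principal.NTAccount]).Value
            $status = 'Resolved'
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Deleted account or removed trust: the FSP is orphaned.
            $name   = ''
            $status = 'Unresolved'
        } catch {
            # Any other failure (for example, the trusted domain is unreachable).
            $name   = ''
            $status = 'LookupError'
        }
        # Emit one row per group; keep FSPs with no membership as a single row.
        $groups = @($fsp.memberOf | Where-Object { $_ })
        if ($groups.Count -eq 0) { $groups = @('') }
        foreach ($group in $groups) {
            [pscustomobject]@{
                Sid      = $sid.Value
                Name     = $name
                Status   = $status
                MemberOf = $group
                FspDn    = $fsp.DistinguishedName
            }
        }
    }

$rows | Export-Csv -Path $outFile -NoTypeInformation

# Orphaned FSPs that still hold group membership are the rows to review first.
$rows | Where-Object { $_.Status -eq 'Unresolved' -and $_.MemberOf } |
    Sort-Object MemberOf | Format-Table Sid, MemberOf -AutoSize
```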
 