Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2543
  • Last Modified:

identifying orphaned SIDs

when looking at permissions for groups and files, from time to time i run accross some orphaned SIDs. is there a way to identify the orphaned SIDs to delete? how should these be handled?
0
geriatricgeek
Asked:
geriatricgeek
  • 3
  • 2
1 Solution
 
Viper640Commented:
http://itknowledgeexchange.techtarget.com/itanswers/managing-orphaned-sids-on-ad-objects/ - Uses groups instead of users to prevent orphans.

http://support.microsoft.com/kb/243330 - Well known sids in Windows

http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=1501 - Script to find orphaned Sids in AD

HTH

Viper640
0
 
geriatricgeekAuthor Commented:
do i run the script on the domain controller?
0
 
Viper640Commented:
yes, it's a vb script. so copy to a notepad and save as a vbs ext and run it.
0
 
geriatricgeekAuthor Commented:
is there a way to look at the script? it does not open in notepad like other vbs'.
0
 
Viper640Commented:
Here it is i just opened it with notepad. let me know if you need anything else.

Viper640
'Created by Michael Troy Mckee
'Date 10/05/06
'VbScript to check all running machines on a domain
'for orphaned SIDs.
 
 
Const ADS_SCOPE_SUBTREE = 2
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
 
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    "Select Name from 'LDAP://DC=yourdomain,DC=com' " _
        & "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRunningComp = 0
objDownComp = 0
objRecordSet.MoveFirst
 
On Error Resume Next
 
Do Until objRecordSet.EOF
 
    hostComp = objRecordSet.Fields("Name").Value
    strComputer = "."
 
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
 
    queryString = "Select * from Win32_PingStatus Where Address = '" & hostComp & "'"
    'Wscript.Echo queryString
    Set colPingedComputers = objWMIService.ExecQuery(querystring)
 
 
        For Each objComputer in colPingedComputers
            Set colGroups = GetObject("WinNT://" & hostComp & "")
            'Wscript.Echo hostComp
            colGroups.Filter = Array("group")
            For Each objGroup In colGroups
            'Wscript.Echo objGroup.Name
            For Each objUser in objGroup.Members
                'Set sidName = objUser.Name
                'Wscript.Echo sidName
                If Left(objUser.Name, 8) = "S-1-5-21" Then
                Wscript.Echo hostComp
                Wscript.Echo objGroup.Name
                Wscript.Echo vbTab & objUser.Name
            End If
        Next
 
      Next
    Next
 
    objRecordSet.MoveNext
Loop
 
'Wscript.Echo "There are " & objRunningComp & " machines currently active."
'Wscript.Echo "There are " & objDownComp & " machines not responding."

Open in new window

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now