Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Powershell script that will list all users that have SID history after ADMT was completed and export to .CSV File

Posted on 2011-02-14
10
4,597 Views
Last Modified: 2012-05-11
Powershell script that will list all users that have SID history after ADMT was completed and export to .CSV File
0
Comment
Question by:mjm21
  • 4
  • 4
  • 2
10 Comments
 
LVL 11

Expert Comment

by:Tasmant
ID: 34889262
dsquery * -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname
0
 
LVL 11

Accepted Solution

by:
Tasmant earned 250 total points
ID: 34889273
dsquery * -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname > users_with_sidhistory.csv
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34889298
Hey,

Using Quest's tools? :) http://www.quest.com/powershell/activeroles-server.aspx
Get-QADUser -LdapFilter "(sidHistory=*)" -IncludedProperties SidHistory |
  Select-Object Name, DN, SidHistory |
  Export-Csv "output.csv"

Open in new window

HTH

Chris
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:mjm21
ID: 34889643
Wow!  that was quick you guys are good.  Are you folks familar or have you used the ADMT (active directory migration tool)?  If you have then you know that when you migrate a user to another domain you have the option of migrating sid history.  So, what I am looking for is to see which users that were migrated with SID history.  The commands above will do this on the entire domain?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34890252

I have used ADMT, and the snippet I posted will check for and return all users who have SIDHistory set along with the value it's been set to. The value itself may be of limited use, it has to be converted to appear as the value we're used to seeing.

The only addition you might need with mine is "-SizeLimit 0" after Get-QADUser, without that it will return a few hundred results and stop (I forget if it returns 100 or 1000 by default).

If you cannot use Get-QADUser for any reason please say, I can give you a native version of the same snippet.

Chris
0
 

Author Comment

by:mjm21
ID: 34899839
Tasmant

Where is the output file of users_with_sidhistory.csv end up?
0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 250 total points
ID: 34899859

> Where is the output file of users_with_sidhistory.csv end up?

The directory you ran the command in. The path is relative, but you could always make it absolute:

dsquery * -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname > c:\users_with_sidhistory.csv

Chris
0
 

Author Comment

by:mjm21
ID: 34899900
Checking out now.  thx
0
 

Author Comment

by:mjm21
ID: 34900098
Tasmant

Ok.  One more related to this.  What if I wanted to do only a particular OU?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34900294
I'll just answer that one too ;)

This should work:
dsquery * "OU=somewhere,DC=domain,DC=com" -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname > c:\users_with_sidhistory.csv 

Open in new window

Chris
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question