Powershell script that will list all users that have SID history after ADMT was completed and export to .CSV File

dsquery * -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname

Hey,

Using Quest's tools? :) http://www.quest.com/powershell/activeroles-server.aspx

Get-QADUser -LdapFilter "(sidHistory=*)" -IncludedProperties SidHistory |
  Select-Object Name, DN, SidHistory |
  Export-Csv "output.csv"

Select allOpen in new window

HTH

Chris

Wow!  that was quick you guys are good.  Are you folks familar or have you used the ADMT (active directory migration tool)?  If you have then you know that when you migrate a user to another domain you have the option of migrating sid history.  So, what I am looking for is to see which users that were migrated with SID history.  The commands above will do this on the entire domain?

I have used ADMT, and the snippet I posted will check for and return all users who have SIDHistory set along with the value it's been set to. The value itself may be of limited use, it has to be converted to appear as the value we're used to seeing.

The only addition you might need with mine is "-SizeLimit 0" after Get-QADUser, without that it will return a few hundred results and stop (I forget if it returns 100 or 1000 by default).

If you cannot use Get-QADUser for any reason please say, I can give you a native version of the same snippet.

Chris

Tasmant

Where is the output file of users_with_sidhistory.csv end up?

Checking out now.  thx

Tasmant

Ok.  One more related to this.  What if I wanted to do only a particular OU?

I'll just answer that one too ;)

This should work:

dsquery * "OU=somewhere,DC=domain,DC=com" -limit 0 -filter "&(objectclass=user)(objectcategory=person)(sIDHistory=*)" -attr distinguishedname > c:\users_with_sidhistory.csv 

Select allOpen in new window

Chris