?
Solved

how can i convert a SID value of a deleted group to a common name?

Posted on 2013-06-18
9
Medium Priority
?
577 Views
Last Modified: 2013-06-18
we have an urgent need to restore 2 deleted security groups, however we only have the SID ID's of the groups. is there a script that can convert this to a common name so that we know which groups to restore from our backup?

many thanks!

S.
0
Comment
Question by:siber1
  • 3
  • 3
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257154
How long ago where they deleted?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257160
0
 

Author Comment

by:siber1
ID: 39257179
thanks Subsun, i will try that in a bit and let you know
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 39257219
I also like adfind for this sort of thing

http://www.joeware.net/freetools/tools/adfind/

so if you know the SID

adfind -default -binenc -showdel -f  "(objectsid={{sid:YOURSID}})"

screenshot from my lab below

deletedsid
Want to find all deleted groups

adfind -default -showdel -f  "&(objectclass=group)(isdeleted=TRUE)" samaccountname

Thanks

Mike
0
 
LVL 40

Accepted Solution

by:
Subsun earned 1000 total points
ID: 39257254
With PowerShell you can use Get-QADObject cmdlet with parameter -Tombstone
For example..
Get-QADObject -Tombstone | ?{$_.sid -eq "S-1-5-21-617003201-2970812123-1821496560-1145"}

or 

Get-QADObject -Tombstone | ?{$_.sid -like "S-1-5-21-617003201-*"}

Open in new window

You can also use Get-ADObject to find the deleted objects..
0
 

Author Comment

by:siber1
ID: 39257295
thx MK and Subsun, both are excellent approaches, i get zero results when i try to query. perhaps these have passed the tombstone life then.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257301
yeah if they are past the TSL then you won't find them.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257337
Probably.. I think default tombstone lifetime is 180 days, is it deleted before that?
0
 

Author Closing Comment

by:siber1
ID: 39257583
thanks again. looks like this was past the tombstone life, not much we can do here.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question