?
Solved

how can i convert a SID value of a deleted group to a common name?

Posted on 2013-06-18
9
Medium Priority
?
584 Views
Last Modified: 2013-06-18
we have an urgent need to restore 2 deleted security groups, however we only have the SID ID's of the groups. is there a script that can convert this to a common name so that we know which groups to restore from our backup?

many thanks!

S.
0
Comment
Question by:siber1
  • 3
  • 3
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257154
How long ago where they deleted?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257160
0
 

Author Comment

by:siber1
ID: 39257179
thanks Subsun, i will try that in a bit and let you know
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 39257219
I also like adfind for this sort of thing

http://www.joeware.net/freetools/tools/adfind/

so if you know the SID

adfind -default -binenc -showdel -f  "(objectsid={{sid:YOURSID}})"

screenshot from my lab below

deletedsid
Want to find all deleted groups

adfind -default -showdel -f  "&(objectclass=group)(isdeleted=TRUE)" samaccountname

Thanks

Mike
0
 
LVL 40

Accepted Solution

by:
Subsun earned 1000 total points
ID: 39257254
With PowerShell you can use Get-QADObject cmdlet with parameter -Tombstone
For example..
Get-QADObject -Tombstone | ?{$_.sid -eq "S-1-5-21-617003201-2970812123-1821496560-1145"}

or 

Get-QADObject -Tombstone | ?{$_.sid -like "S-1-5-21-617003201-*"}

Open in new window

You can also use Get-ADObject to find the deleted objects..
0
 

Author Comment

by:siber1
ID: 39257295
thx MK and Subsun, both are excellent approaches, i get zero results when i try to query. perhaps these have passed the tombstone life then.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257301
yeah if they are past the TSL then you won't find them.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257337
Probably.. I think default tombstone lifetime is 180 days, is it deleted before that?
0
 

Author Closing Comment

by:siber1
ID: 39257583
thanks again. looks like this was past the tombstone life, not much we can do here.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In an Exchange Crossforest migration, the distribution groups can be a very complex operation that would cause loss of time, lots of issues and continued headaches if not solved in a timely manner. I had to do a similar project so I created a sc…
WAP (Web Application Proxy) provides reverse proxy functionality for web applications in the corporate network which allows users on most devices to access internal web applications from external networks.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question