Solved

how can i convert a SID value of a deleted group to a common name?

Posted on 2013-06-18
9
551 Views
Last Modified: 2013-06-18
we have an urgent need to restore 2 deleted security groups, however we only have the SID ID's of the groups. is there a script that can convert this to a common name so that we know which groups to restore from our backup?

many thanks!

S.
0
Comment
Question by:siber1
  • 3
  • 3
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257154
How long ago where they deleted?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257160
0
 

Author Comment

by:siber1
ID: 39257179
thanks Subsun, i will try that in a bit and let you know
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 39257219
I also like adfind for this sort of thing

http://www.joeware.net/freetools/tools/adfind/

so if you know the SID

adfind -default -binenc -showdel -f  "(objectsid={{sid:YOURSID}})"

screenshot from my lab below

deletedsid
Want to find all deleted groups

adfind -default -showdel -f  "&(objectclass=group)(isdeleted=TRUE)" samaccountname

Thanks

Mike
0
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 39257254
With PowerShell you can use Get-QADObject cmdlet with parameter -Tombstone
For example..
Get-QADObject -Tombstone | ?{$_.sid -eq "S-1-5-21-617003201-2970812123-1821496560-1145"}

or 

Get-QADObject -Tombstone | ?{$_.sid -like "S-1-5-21-617003201-*"}

Open in new window

You can also use Get-ADObject to find the deleted objects..
0
 

Author Comment

by:siber1
ID: 39257295
thx MK and Subsun, both are excellent approaches, i get zero results when i try to query. perhaps these have passed the tombstone life then.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257301
yeah if they are past the TSL then you won't find them.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257337
Probably.. I think default tombstone lifetime is 180 days, is it deleted before that?
0
 

Author Closing Comment

by:siber1
ID: 39257583
thanks again. looks like this was past the tombstone life, not much we can do here.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question