Solved

how can i convert a SID value of a deleted group to a common name?

Posted on 2013-06-18
9
562 Views
Last Modified: 2013-06-18
we have an urgent need to restore 2 deleted security groups, however we only have the SID ID's of the groups. is there a script that can convert this to a common name so that we know which groups to restore from our backup?

many thanks!

S.
0
Comment
Question by:siber1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257154
How long ago where they deleted?
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257160
0
 

Author Comment

by:siber1
ID: 39257179
thanks Subsun, i will try that in a bit and let you know
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 39257219
I also like adfind for this sort of thing

http://www.joeware.net/freetools/tools/adfind/

so if you know the SID

adfind -default -binenc -showdel -f  "(objectsid={{sid:YOURSID}})"

screenshot from my lab below

deletedsid
Want to find all deleted groups

adfind -default -showdel -f  "&(objectclass=group)(isdeleted=TRUE)" samaccountname

Thanks

Mike
0
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 39257254
With PowerShell you can use Get-QADObject cmdlet with parameter -Tombstone
For example..
Get-QADObject -Tombstone | ?{$_.sid -eq "S-1-5-21-617003201-2970812123-1821496560-1145"}

or 

Get-QADObject -Tombstone | ?{$_.sid -like "S-1-5-21-617003201-*"}

Open in new window

You can also use Get-ADObject to find the deleted objects..
0
 

Author Comment

by:siber1
ID: 39257295
thx MK and Subsun, both are excellent approaches, i get zero results when i try to query. perhaps these have passed the tombstone life then.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39257301
yeah if they are past the TSL then you won't find them.
0
 
LVL 40

Expert Comment

by:Subsun
ID: 39257337
Probably.. I think default tombstone lifetime is 180 days, is it deleted before that?
0
 

Author Closing Comment

by:siber1
ID: 39257583
thanks again. looks like this was past the tombstone life, not much we can do here.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question