• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1796
  • Last Modified:

I need a script to remove the "Unknown Accounts" SID history from accounts that have been migrated.

We did a cross forest migration using ADMT tool.
I need a script to remove the "Unknown Accounts" SID history from accounts that have been migrated.

So, when I open the security tab on the property of any account we migrated, I see the following:

Account Unknown(S-1-5-21-etc
Account Unknown(S-1-5-21-etc
Account Unknown(S-1-5-80-etc

Please let me know.
Thank you
0
claudiamcse
Asked:
claudiamcse
2 Solutions
 
Will SzymkowskiSenior Solution ArchitectCommented:
You can use powershell to accomplish this. Use the below syntax...

import-module activedirectory
Get-ADUser –filter * -properties * | ? {$_,SIDHistory -like "*"} | foreach {Set-ADUser $_ -remove @{sidhistory=$_.sidhistory.value}}

Open in new window


This will find all of the user accounts with Sid History value and remove it from the account.

There is also another good function/cmdlet that was created called SID-History. This is another way to get the information you are looking for. Check the link below...

SID History

Will.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now