Forum Discussion
PeterJoInobits
May 17, 2022 - Brass Contributor
Trying to resolve foreignsecurityprincipal information
Hi all, I'm trying to help a customer unpack some very large groups, i.e. membercount>5000. Some of the members are groups and some are users, and to add to the complexity some of the members are fore...
LainRobertson
May 18, 2022 - Silver Contributor
Hi, Peter.
Here's a basic example involving the foreignSecurityPrincipal class and .Translate() method.
I don't use the ActiveDirectory module much though since it limits portability, so it's calling .NET directly from PowerShell.
You should be able to customise it to fit your needs.
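# Find every foreignSecurityPrincipal object, loading only its objectSid attribute.
([adsisearcher]::new("(objectClass=foreignSecurityPrincipal)", @("objectSid"))).FindAll() |
    ForEach-Object {
        # Build a SecurityIdentifier from the raw SID bytes, then resolve it to an NTAccount name.
        $Sid = [System.Security.Principal.SecurityIdentifier]::new($_.Properties["objectSid"][0], 0);
        $Sid | Select-Object -Property Value, @{n="Name"; e= { $Sid.Translate([System.Security.Principal.NTAccount]) } };
    }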
Assuming you're targeting classes that contain the objectSid attribute (only security principals contain an objectSid), then it returns output like the following:
Cheers,
Lain
Edited for spelling corrections.
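The following is an added example, not part of Lain's reply or the original thread. It applies the same SecurityIdentifier and .Translate() approach to the members of one large group, nested members included, and reports foreign security principals whose SID no longer maps to an account instead of silently returning an empty name. The function name and the group DN in the usage lines are hypothetical.

```powershell
# Added example; the function name and the DN in the usage lines are hypothetical.
function Get-GroupMemberSid {
    param([Parameter(Mandatory)] [string] $GroupDn)

    # Escape characters that are special inside an LDAP filter value (RFC 4515).
    $dn = $GroupDn -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: nested groups are
    # walked on the server, so no client-side recursion is needed.
    $searcher = [adsisearcher]::new("(memberOf:1.2.840.113556.1.4.1941:=$dn)",
        @("objectSid", "objectClass", "distinguishedName"))
    $searcher.PageSize = 1000   # paged search; the default of 0 stops at the server's size limit

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $sidValues = $r.Properties["objectSid"]
            if ($sidValues.Count -eq 0) { continue }   # e.g. contacts: not security principals

            $classes = $r.Properties["objectClass"]
            $sid = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$sidValues[0], 0)
            $name = $null
            $status = "Resolved"
            try {
                $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                $status = "Unmapped"   # typical for an orphaned foreignSecurityPrincipal
            }
            catch {
                $status = "Error: $($_.Exception.Message)"   # e.g. trust or DC unreachable
            }

            [pscustomobject]@{
                Sid    = $sid.Value
                Class  = $classes[$classes.Count - 1]   # most specific class is listed last
                Name   = $name
                Status = $status
                DN     = $r.Properties["distinguishedName"][0]
            }
        }
    }
    finally { $results.Dispose() }
}

# Usage (constructed DN): list only the foreign security principals in the group.
Get-GroupMemberSid -GroupDn "CN=Large Group,OU=Groups,DC=example,DC=com" |
    Where-Object { $_.Class -eq "foreignSecurityPrincipal" }
```

Accounts that hold the group only as their primary group are not returned, because memberOf does not include the primary group.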