Event details
If you have an on-premises Active Directory environment, you do not want to miss this session! The AD product group will present and demonstrate some of the new AD capabilities coming in Windows Serv...
Char_Cheesman
Updated Dec 27, 2024
Arne Klæboe
Mar 26, 2024 (Brass Contributor)
Regarding SID lookups, would it be possible to make them honor the read and list object permissions on the translated name?
Right now, if I have deny read (or deny list object) on the object "S-1-5-21-1647000878-563891413-2270807220-1601", and do the .Translate, I still get to see the samaccount name. I would expect to get the same result as if translating a SID that does not exist when I do not have read permission on it.
$CurrentSid = "S-1-5-21-1647000878-563891413-2270807220-1601" # SID of object I do not have permission to read
$objSID = New-Object System.Security.Principal.SecurityIdentifier($CurrentSid)
$objSID.Translate([System.Security.Principal.NTAccount]) # Will return the samaccountname even if I am not allowed read or list object.