Get-adgroup across trusted domain returning sids for some groups, how to include SID translation into my larger script?

Enumerating a list of group membership from a trusted domain. Most members show up but some sids are pulled instead. I’ve tried explicitly defining the domain via -server $domain but to no avail. Would need a way to capture the returned sids as strings, have them converted then returned back into place for reporting purposes. Full script is below. As always, any and all help is greatly appreciated.

Edit: Sids are FSP’s if that helps. They arent abandoned/phantom sids.

 $outputfile = "C:group_membership_report_$(get-date -f MMyy).txt" "Collected on $(Get-Date -F MM/dd/yy)" | out-file $outputfile "" | out-file $outputfile -append #Get admin group membership, to add/remove groups simply add the group name to the $groups array "Admin Group Membership" | out-file $outputfile -append "" | out-file $outputfile -append $groups = "Schema Admins",` "Enterprise Admins",` "Group 2",` "Group 3" $domain = "" foreach($group in $groups) { #$members = $(Get-ADGroup $group).members "`t$group" | out-file $outputfile -append "" | out-file $outputfile -append foreach ($member in (Get-ADGroup -Filter {Name -eq $group} -Properties Members).Members) { "`t`t$((Get-ADObject $member).Name),$((Get-ADObject $member -Properties whenCreated).whenCreated)" | Out-File -FilePath $outputfile -Append } #foreach($member in $members){ # # $memberinfo = get-qadobject $member # $name = $ # $creationdate = $memberinfo.creationdate # "`t`t$name, $creationdate" | out-file $outputfile -append #} "" | out-file $outputfile -append } 

submitted by /u/fattieonthetrain
[link] [comments]

Leave a Reply