How to display objectSID in a PowerShell script
Hello,
My goal is to read a CN's objectSID and display it. When I execute the code below, I get a weird string of numbers. I guess the objectSID value is a specific type and I need to 'type' the variable. Can you please show me how to display the objectSID?
$strFilter = "(&(objectCategory=person)(objectClass=user)(whenCreated>=20000101000000.0Z)(cn=a12345))"
# The ADSI provider name is case-sensitive and must be written LDAP://
$objAcmeDir = New-Object System.DirectoryServices.DirectoryEntry("LDAP://dc=acme,dc=net")
$objSearchAcme = New-Object System.DirectoryServices.DirectorySearcher
$objSearchAcme.SearchRoot = $objAcmeDir
$objSearchAcme.PageSize = 1000
$objSearchAcme.Filter = $strFilter
$objSearchAcme.SearchScope = "Subtree"
#------------------------------------------------------------------------------------------------
# Search for the CN and bring back employeeID and objectSID
#------------------------------------------------------------------------------------------------
$colPropListAcme = "cn", "employeeid", "objectsid"
foreach ($i in $colPropListAcme)
{
    $objSearchAcme.PropertiesToLoad.Add($i) | Out-Null
}
$colResultsAcme = $objSearchAcme.FindAll()
#------------------------------------------------------------------------------------------------
# Loop through the search results
#------------------------------------------------------------------------------------------------
foreach ($objResultsAcme in $colResultsAcme)
{
    # Property names in a search result are keyed in lower case
    $objAcme = $objResultsAcme.Properties
    $strWorkCN = $objAcme.cn[0]                # grab current CN
    $strWorkEmpID = $objAcme.employeeid[0]     # grab current employee ID
    $strWorkObjSID = $objAcme.objectsid[0]     # byte array, so it prints as a list of numbers
    $strWorkCN, $strWorkEmpID, $strWorkObjSID
}
Code similar to below has worked for me:
function HexSIDToDec($HexSID)
{
    # Convert into a normal array of bytes. $HexSID[0] is the SID byte array;
    # adding it to a string joins the bytes with spaces.
    $strSID = "S-" + $HexSID[0]
    $arrSID = $strSID.Split(" ")
    $Max = $arrSID.Count
    # Revision, identifier authority (low byte) and first sub-authority (low byte).
    $DecSID = $arrSID[0] + "-" + $arrSID[7] + "-" + $arrSID[8]
    # The array holds 8 header elements plus 4 per sub-authority,
    # so 12 elements means the SID has a single sub-authority.
    if ($Max -eq 12)
    {
        return $DecSID
    }
    # Each remaining sub-authority is a 4-byte little-endian integer.
    $Temp1 = [Int64]$arrSID[12] + (256 * ([Int64]$arrSID[13] + (256 * ([Int64]$arrSID[14] + (256 * ([Int64]$arrSID[15]))))))
    $DecSID = $DecSID + "-" + $($Temp1)
    if ($Max -eq 16)
    {
        return $DecSID
    }
    $Temp2 = [Int64]$arrSID[16] + (256 * ([Int64]$arrSID[17] + (256 * ([Int64]$arrSID[18] + (256 * ([Int64]$arrSID[19]))))))
    $DecSID = $DecSID + "-" + $($Temp2)
    if ($Max -eq 20)
    {
        return $DecSID
    }
    $Temp3 = [Int64]$arrSID[20] + (256 * ([Int64]$arrSID[21] + (256 * ([Int64]$arrSID[22] + (256 * ([Int64]$arrSID[23]))))))
    $DecSID = $DecSID + "-" + $($Temp3)
    if ($Max -eq 24)
    {
        return $DecSID
    }
    $Temp4 = [Int64]$arrSID[24] + (256 * ([Int64]$arrSID[25] + (256 * ([Int64]$arrSID[26] + (256 * ([Int64]$arrSID[27]))))))
    $DecSID = $DecSID + "-" + $($Temp4)
    return $DecSID
}

$Name = "jsmith"
$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Root = $Domain.GetDirectoryEntry()
$Search = [System.DirectoryServices.DirectorySearcher]$Root
$Search.Filter = "(sAMAccountName=$Name)"
$Result = $Search.FindAll()
foreach ($User in $Result)
{
    $DN = $User.Properties.Item("distinguishedname")
    $DN
    # objectSID comes back as a collection whose first element is the byte array
    $SID = $User.Properties.Item("objectsid")
    $DecSID = HexSIDToDec $SID
    $DecSID
}
Of course, if you have PowerShell V2 and the AD modules, Get-ADUser displays objectSID in a readable format.
Richard Mueller - MVP Directory Services
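An added example, not part of the original posts: the .NET `SecurityIdentifier` class converts the objectSID byte array directly, and the hand-written decoder beside it shows the binary layout for any number of sub-authorities. The sample bytes are constructed, and `ConvertFrom-BinarySid` is a hypothetical helper name.

```powershell
# Added example: decode a binary objectSID (byte[]) into its S-R-A-S... string form.
function ConvertFrom-BinarySid {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    # Layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then <count> sub-authorities
    # of 4 bytes each, little-endian.
    if ($Bytes.Length -lt 8) {
        throw "SID too short: $($Bytes.Length) bytes"
    }
    $count = $Bytes[1]
    if ($Bytes.Length -ne 8 + 4 * $count) {
        throw "SID length $($Bytes.Length) does not match sub-authority count $count"
    }

    # Identifier authority: fold the six big-endian bytes into one number.
    [uint64]$authority = 0
    foreach ($b in $Bytes[2..7]) { $authority = $authority * 256 + $b }

    $parts = @("S", $Bytes[0], $authority)
    for ($i = 0; $i -lt $count; $i++) {
        # BitConverter reads in host byte order, which is little-endian on Windows.
        $parts += [BitConverter]::ToUInt32($Bytes, 8 + 4 * $i)
    }
    $parts -join "-"
}

# Constructed sample: the bytes of the made-up SID S-1-5-21-1-2-3-1001.
[byte[]]$sample = 1,5, 0,0,0,0,0,5, 21,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 233,3,0,0

# Framework conversion: SecurityIdentifier(byte[] binaryForm, int offset).
$framework = (New-Object System.Security.Principal.SecurityIdentifier($sample, 0)).Value
$manual = ConvertFrom-BinarySid -Bytes $sample

"Framework: $framework"
"Manual:    $manual"
"Match:     $($framework -eq $manual)"

# In the question's loop the byte array is $objacme.objectsid[0], so the same
# constructor call can be applied to that value instead of $sample.
```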