none
Admodule Get-aduser and get-adobject using csv input file and output to csv SID HISTORY SHOWS Microsoft.ActiveDirectory.Management.ADPropertyValueCollection RRS feed

  • Question

  • I am trying to consolidate information after a multidomain migration and am trying to determine which users have not been migrated yet.

    I am trying to use the Active Directory Module but I cant get the SID History to show when using a csv as an import file.

    If I try using the below with a SamAccountName or DistinguishedName name it works fine. (But only one by one)

    Q1. How can I use Get-aduser pr GetADObject with a column in a csv? I know to use import-csv x.csv and then set a variable

    such as $test = $._Test to pull in the info.

    Q2 The Below gets me all the users in an ou but SidHistory Shows as "

    Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" The Problem is if I specify a user with SamAccont and add the sid and sidhistory -property it will show the sidhistory. Why doesn't it do it for an OU dump.

    Here is the bulk OU dump with no csv input. If I export-csv test.csv it works except the SIDHISTORY field shows microsoft.activedirectory.""""

    Get-ADUser -filter '*' -SearchBase "OU=,OU=Valparaiso,OU=IN,DC=US,DC=chs,DC=net" -Properties Enabled,SamAccountName,SID,SIDHistory,Surname,UserPrincipalName

    Here is the kicker for that sidhistory cmdlet out there I can dump in bulk the sidhistory for an ou, but not the sidhistory and the new sid...

    In closing I want to be able to export the username sid and sidhistory to a csv file.

    PLEASE HELP.

    I have been at this for like 7 hours.

    Thanks

    Rich

    Sunday, July 20, 2014 12:48 AM

Answers

  • To get all of the expandable SID histories do the following:

    Get-ADUser -filter * | ?{$_.SidHistory.Count -ne 0} | select -expand SIDHistory

    We can actually do without the -ne but I did it to illustrate the mechanism.

    The following will get all accounts with a SIDHistory.

    Get-ADUser -filter * | ?{$_.SidHistory}


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Monday, July 21, 2014 5:45 PM
    • Marked as answer by ScriptingWifeModerator Monday, August 11, 2014 11:41 PM
    Sunday, July 20, 2014 2:07 PM

All replies

  • This is how to use a CSV file.

    Import_Csv mycsv.csv |
         ForEach-Object{
              Get-Aduser -Identity $_.SamaccountName -Properties ...
        }


    ¯\_(ツ)_/¯

    Sunday, July 20, 2014 1:29 AM
  • You should also be awar4e that SIDHistory is an array and cannot be directly exported without expansion.  SIDHistory only exists on objects that have been previously moved from another domain.

    If a account has been moved more than one it will have multiple SIDs in SIDHistory.

    I am not sure how you think SIDHistory will solve you problem.  If you are trying to find accounts that have been migrated in the new domain then they wil not have a blank SIDHistory assuming a "MOVE" was used to migrate.

    YOu might want to post what you are doing in the DS forum for guidance on how to use DS and the migration tools.


    ¯\_(ツ)_/¯

    Sunday, July 20, 2014 1:40 PM
  • To get all of the expandable SID histories do the following:

    Get-ADUser -filter * | ?{$_.SidHistory.Count -ne 0} | select -expand SIDHistory

    We can actually do without the -ne but I did it to illustrate the mechanism.

    The following will get all accounts with a SIDHistory.

    Get-ADUser -filter * | ?{$_.SidHistory}


    ¯\_(ツ)_/¯

    • Proposed as answer by jrv Monday, July 21, 2014 5:45 PM
    • Marked as answer by ScriptingWifeModerator Monday, August 11, 2014 11:41 PM
    Sunday, July 20, 2014 2:07 PM