Help translating SIDs of FSP from a trusted domain and integrating into my larger script.

  • Question

  • I'm in the process of creating an audit script that reports on users who've been added to groups with privileged access. The script is being run in a trusted domain and returns SIDs for some group members, obviously since they are FSPs. The problem is I'm at my wits' end as to how I should translate these SIDs and keep them in place. I know how to retrieve the SIDs separately with get-aduser -filter "SID eq ...." or get-adgroupmember "groupname" | %{$_.sid.value}, but how do I leverage this in my larger script? I've provided my script and output below. All help is appreciated.

    	$outputfile = "C:\Audit_Data_$(get-date -f MMyy).txt"
    
    	"Audit Data Collected on $(Get-Date -F MM/dd/yy)" | out-file $outputfile
    	"" | out-file $outputfile -append
    
    	"Admin Group Membership" | out-file $outputfile -append
    	"" | out-file $outputfile -append
    
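    	# Groups to audit (no trailing comma after the last entry)
    	$groups = "Schema Admins",
    	          "Admins 1",
    	          "Admins 2"
    
    	# Domain to query; the value must be a quoted string
    	$domain = "domain.local"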
    
    	foreach($group in $groups)
    	{
    		#$members = $(Get-ADGroup $group).members
    		"`t$group" | out-file $outputfile -append
    		"" | out-file $outputfile -append
    		
    		foreach ($member in (Get-ADGroup -server $domain -Filter {Name -eq $group} -Properties Members).Members) 
    		{
    			"`t`t$((Get-ADObject $member).Name),$((Get-ADObject $member -Properties whenCreated).whenCreated)" | Out-File -FilePath $outputfile -Append
    		}
    		#foreach($member in $members){
    		#
    		#	$memberinfo = get-qadobject $member
    		#	$name = $memberinfo.name
    		#	$creationdate = $memberinfo.creationdate
    		#	"`t`t$name, $creationdate" | out-file $outputfile -append
    		#}
    		"" | out-file $outputfile -append
    	}

    Partial script output:

    Support Services

    S-1-5-21-1565465683-344022488-928725530-11781,03/05/2018 17:44:55 – needs translation

    User Numberone ,11/03/2017 09:12:44

    Enterprise Admins

    $AZSYNC,11/30/2017 12:39:35

     

    Operations-Admins

    S-1-5-21-1565465683-344022488-928725530-339742,06/11/2018 16:47:29 – needs translation

    S-1-5-21-1565465683-344022488-928725530-402282,06/01/2018 15:27:08 – "   "

    S-1-5-21-1565465683-344022488-928725530-84525,04/23/2018 10:17:04 – "   "

    $admin,03/23/2018 14:41:51

    S-1-5-21-1565465683-344022488-928725530-347271,01/08/2018 13:32:46

    S-1-5-21-1565465683-344022488-928725530-353447,01/05/2018 10:01:07

    Friday, September 7, 2018 2:40 PM
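An added example, not part of the original post: one way to translate foreign security principal members inside the audit loop, so a privileged-group report shows `DOMAIN\name` where the SID resolves and still lists the raw SID where it does not. `Resolve-MemberName` is a hypothetical helper name, the sample objects are constructed, and it assumes the host running the script can resolve SIDs across the trust.

```powershell
# Hypothetical helper (not from the original script): returns a readable name
# for a group member, translating foreignSecurityPrincipal SIDs when possible.
function Resolve-MemberName {
    param(
        # Object exposing Name, ObjectClass and objectSid, e.g. the result of
        # Get-ADObject $member -Properties objectSid, whenCreated
        [Parameter(Mandatory = $true)] $Member
    )

    # Users, groups and computers in the local domain already have a real name.
    if ($Member.ObjectClass -ne 'foreignSecurityPrincipal') {
        return $Member.Name
    }

    try {
        # Let Windows map the SID to an account name (works across the trust).
        $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList ([string]$Member.objectSid)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch {
        # Orphaned FSP or unreachable trusted domain: keep the SID in the
        # report and flag it, so the privileged entry is never silently dropped.
        return "$($Member.Name) (unresolved)"
    }
}

# Constructed sample input so the helper can be exercised without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'User Numberone'; ObjectClass = 'user'
                       objectSid = 'S-1-5-21-1111111111-2222222222-3333333333-1104' }
    # Well-known SID of the local Administrators group; resolves on any Windows host.
    [pscustomobject]@{ Name = 'S-1-5-32-544'; ObjectClass = 'foreignSecurityPrincipal'
                       objectSid = 'S-1-5-32-544' }
    # Constructed domain SID that no host will resolve; exercises the fallback.
    [pscustomobject]@{ Name = 'S-1-5-21-1111111111-2222222222-3333333333-9999'
                       ObjectClass = 'foreignSecurityPrincipal'
                       objectSid = 'S-1-5-21-1111111111-2222222222-3333333333-9999' }
)
$sample | ForEach-Object { Resolve-MemberName $_ }

# Inside the audit loop (requires the ActiveDirectory module):
#   $obj = Get-ADObject $member -Properties whenCreated, objectSid
#   "`t`t$(Resolve-MemberName $obj),$($obj.whenCreated)" | Out-File $outputfile -Append
```

Entries flagged as unresolved are worth reviewing separately, since an FSP whose SID no longer maps to an account still holds the group's privileges on paper.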

All replies