locked
How to search Deleted Objects by SID RRS feed

  • Question

  • Windows 2008 R2 domain with AD Recycle Bin enabled. DCs are Windows 2012 R2, except for one lone 2008 R2 DC.

    I have a list of SIDs assigned to resources that I have been asked to see if we can identify what account they were tied to. Is there either an LDAP or Powershell syntax that will allow you to search the Deleted Objects container by the objectSID?

    Monday, October 6, 2014 6:46 PM

Answers

  • Here is a powershell query that worked:

    Import-Module ActiveDirectory

    get-adobject -Filter 'isdeleted -eq $true -and name -ne "Deleted Objects" -and objectSID -like "Enter SID here"' -IncludeDeletedObjects -Properties samaccountname,displayname,objectsid

    • Marked as answer by davrion Monday, October 6, 2014 7:12 PM
    Monday, October 6, 2014 7:12 PM

All replies

  • Here is a powershell query that worked:

    Import-Module ActiveDirectory

    get-adobject -Filter 'isdeleted -eq $true -and name -ne "Deleted Objects" -and objectSID -like "Enter SID here"' -IncludeDeletedObjects -Properties samaccountname,displayname,objectsid

    • Marked as answer by davrion Monday, October 6, 2014 7:12 PM
    Monday, October 6, 2014 7:12 PM
  • Hi,

    Thanks for your good sharing.

    I think it will help the people who have the same issue.

    Regards.


    Vivian Wang

    Wednesday, October 8, 2014 9:16 AM