1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Resolved Help with PowerShell mechanics...

Discussion in 'Windows 7' started by batsona, 2014/07/01.

  1. 2014/07/01
    batsona

    batsona Well-Known Member Thread Starter

    Joined:
    2007/12/18
    Messages:
    133
    Likes Received:
    0
    The "Microsoft Server System" group hasn't seen posts in 6+ months, so I put this post here.. Hopefully someone can help me??


    I need some help with basic mechanics of manipulating data in a PowerShell script, and in Excel
    I've got all the input data, and I know what I need, but I need help with the mechanics. I'm sure this is
    easy for <u>someone</u> out there!

    Basic Requirement:List the members of an ActiveDirectory group, and resolve them to their 'Friendly Name'

    Step-1: List the SIDs of the 12 group members of the 'ACCT' group

    dsget group "CN=ACCT,OU=Groups,DC=ad,DC=xxxxxxxxxxxx,DC=com" -members -expand | findstr ForeignSecurity

    This yields one line per account "CN=S-1-5-21-3588447096-1463914-869570945-1213589,CN=ForeignSecurityPrincipals,DC=ad,DC=xxxxxxxxxxxx,DC=com "
    ----This is saved in a TXT file, and I can strip out just the SID, using Excel so I'm left with just the SID. Such as:
    S-1-5-21-3588447096-1463911-869570941-1213589
    S-1-5-21-3588447096-1463912-869570942-1213589
    S-1-5-21-3588447096-1463913-869570943-1213589
    S-1-5-21-3588447096-1463914-869570944-1213589
    S-1-5-21-3588447096-1463915-869570945-1213589

    --->What I need here, is to construct a command-line entry that will put into PowerShell, and submit it over and over for each SID that is in the TXT file I wrote in step1 "for each entry in xxxxxxxx, do YYYYYYYYYY "

    Step-2: Resolve each SID to the Domain's 'Account Name' In PowerShell:
    ([System.Security.Principal.SecurityIdentifier]( "S-1-5-21-3588447096-1463914-869570945-1213589 ")).Translate([System.Security.Principal.NTAccount]).toString()
    This yields one line per SID, for each SID:AMERICA\H111111. I can use Excel to strip away the AMERICA\ domain, leaving the actual Account Name. Such as:
    H111111
    H111112
    H111113
    H111114
    H111115

    Step-3: Resolve the ActiveDirectory Account Name to a Friendly name, using Excel. Assume that I have an Excel spreadsheet containing
    all 10,000 Account Names of everyone in the company. It would look like:
    H111111 Bill
    H111112 Sally
    H111113 Henry
    H111114 Sam
    H111115 George

    Endpoint: Somehow in Excel, I'm left with a listing of the 12 Friendly Names for all group members in the 'ACCT' group.
     
    batsona,
    #1
  2. 2014/07/03
    batsona

    batsona Well-Known Member Thread Starter

    Joined:
    2007/12/18
    Messages:
    133
    Likes Received:
    0
    Can someone please provide some feedback? Either: a.)Yeah, here are some steps to guide you... b.)This is way to complicated to wrap my head around, or c.)You have to hire a consultant to do this....

    Or, is there a better forum to put this in??
     
    batsona,
    #2


  3. to hide this advert.

  4. 2014/07/03
    lj50 Lifetime Subscription

    lj50 SuperGeek WindowsBBS Team Member

    Joined:
    2003/07/04
    Messages:
    2,801
    Likes Received:
    137
    lj50,
    #3
    batsona likes this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...