marty
August 15, 2013, 1:42am
1
This works for finding the renamed Administrator account in a domain:
Get-ADUser -Filter * -Properties SID -ResultPageSize 1000 | Where {$_.SID -like “*500”}
Why doesn’t this work?
Get-ADUser -Filter 'SID -like "500"’ -Properties SID
I am trying to retrieve only the one record I am looking for. My guess is the second command (if it worked) would be faster than the first.
system
August 15, 2013, 2:29am
2
I’m not sure how to make this work in an LDAP Filter, but you can use WMI to accomplish basically the same thing:
Get-WmiObject -Class Win32_UserAccount -Filter "Domain='$env:USERDOMAIN' AND SID LIKE '%500'"
system
August 15, 2013, 2:41am
3
Here’s a way to do this just using the AD cmdlets. I still haven’t been able to find a wild card filter that works for SIDs, but you can construct the complete SID and search for that:
$domainSID = Get-ADDomain -Current LoggedOnUser | Select-Object -ExpandProperty DomainSID
if ($domainSID -ne $null)
{
Get-ADUser -Filter "SID -eq '$domainSID-500'"
}