delete orphaned sids

john-spencer · August 6, 2014, 4:06pm

I have a small script that shows the members of local administrators group of a remote server, and then you can remove the accounts that do not belong there. It also shows orphaned sids, but when trying to remove them, nothing happens. Some help would sure be appreciated!.

$strDomain = Read-Host “Enter Domain”
$strComputer = Read-Host “Enter System Name”

do
{
$computer = [ADSI](“WinNT://” + $strComputer + “,computer”)
$group = $computer.psbase.children.find(“Administrators”)
$group.Name

function ListAdministrators
{$members = $group.psbase.invoke(“Members”) | %{$.GetType().InvokeMember(“Name”,‘GetProperty’,$null,$,$null)}
$members}

ListAdministrators
$strUser = Read-Host “Enter Username to remove”
$group.Remove(“WinNT://” + $strDomain + “/” + $strUser)
cls
Write-Host These are the Current members of the local administrators group.
ListAdministrators

} while ($strUser -ne “”)

sam-boutros · August 6, 2014, 9:05pm

tested, working…

john-spencer · August 7, 2014, 1:06am

Thanks for the reply, I know it works great for removing accounts that are ‘fine’ but if it’s a an orphaned sid, it doesn’t do anything to it.
What I mean is I run the script and it shows me a list of users like this:

Administrators
Baduser
olduser
service-account
Domain administrators
S-1-5-12-1234567890-1234567890-1234567890–123456
Enter Username to remove

I can put in Baduser and olduser, and they will remove quite nicely. When I put in S-1-5-12-1234567890-1234567890-1234567890–123456, this does not remove.
That’s what I am hoping for some help with.

system · August 7, 2014, 1:37am

It’s most likely to do with this line, a hard-coded assumption that the domain is part of the ADsPath for the orphaned SIDs:

$group.Remove("WinNT://" + $strDomain + "/" + $strUser)

Try outputting the full ADsPath of your members instead of just the name, to see what these SIDs really look like:

function ListAdministrators
{
    $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("ADsPath",'GetProperty',$null,$_,$null)}
}

With that information, you should be able to update the script.

john-spencer · August 7, 2014, 1:57am

Thanks for the reply.
They now look like this: WinNT://S-1-5-12-1234567890-1234567890-1234567890–123456
They won’t delete with or without the WinNT://

john-spencer · August 7, 2014, 2:38am

Ok, I got it! Thank you Dave, that got me on the path.

$strDomain = Read-Host “Enter Domain”
$strComputer = Read-Host “Enter System Name”

do
{
$computer = [ADSI](“WinNT://” + $strComputer + “,computer”)
$group = $computer.psbase.children.find(“Administrators”)
$group.Name

function ListAdministrators
{
$group.psbase.invoke(“Members”) | %{$.GetType().InvokeMember(“ADsPath”,‘GetProperty’,$null,$,$null)}
}
$members}

ListAdministrators
$strUser = Read-Host “Enter Username to remove”
$group.Remove($strUser)
cls
Write-Host These are the Current members of the local administrators group.
ListAdministrators

} while ($strUser -ne “”)

john-spencer · August 7, 2014, 2:42am

Part two: How can I get the group to include both administrators and backup operators? I tried adding them together, with commas, and semi-colons, space, none worked.
$group = $computer.psbase.children.find(“Administrators”)

Topic		Replies	Views
Deleting Users from Groups PowerShell Help	1	186	May 16, 2024
Remove users from local admin group with exclusions PowerShell Help	7	1910	March 7, 2024
[Resolved] Removing orphaned SIDs from directories PowerShell Help	5	4702	May 16, 2024
Remotely remove Domain group(s) from Local group(s) PowerShell Help	6	316	May 16, 2024
Help with Add and remove group PowerShell Help	3	147	May 16, 2024

delete orphaned sids

Related topics