Group membership of FSP Objects in ForeignSecurityPrincipals Container

Hello,

I need cmdlet or script to find group membership of all FSP Objects showing under ForeignSecurityPrincipals container in Active Directory User & Computer MMC.

Thanks in advance!

Welcome to the fun, i’ve been having to deal with FSP’s in regards to some ad migration project.

 

the first thing to know, is you can only view/touch FSP as objects, and the native get-adgroup cmdlets fail spectacularly as soon as an FSP is involved.

second, memberof is not avaialble on adobjects.

I haven’t had to solve for this specific deal, some others have some ideas here:

https://www.reddit.com/r/PowerShell/comments/59ofw3/find_users_group_membership_in_trusted_domain/

alternatively you can try with raw ADSI, or try with adsips, however that will fail when you have orphaned sids unfortunately.

https://github.com/lazywinadmin/AdsiPS