Query AD using SID

Hey all,

I have a group of CSV files that contain both AD groups and users and a SID for the group or user. I’m trying to create a new csv file that contains the user accounts from the original csv and the group members for the groups listed from the original csv.

The csv data I’m using and the script I’ve got so far are below. It works to isolate the local everyone group and write the group members to the new csv files, but I’m lost at identifying if the SID belongs to a user or group. Is there an easy way to perform an LDAP query for the objectclass of the SID and then run it through an IF/Elseif based on the object class?

File name: accounting.csv
Headers: User,SID

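$group = Get-ChildItem C:\scripts\Csv_files\shares

# Create one output file per input CSV
Foreach ($name in $group) {
    # $GRP=$name
    $name.Name | Select-Object -Unique | %{ New-Item -Path C:\scripts\Csv_files\share_permissions -Name "$_." -ItemType File }
}

Foreach ($name in $group) {
    $grpsid = Import-Csv $name.FullName
    $fileloc = $name.Name
    # $sharefilepath is not defined in the posted snippet; assumed to be the matching output file
    $sharefilepath = Join-Path C:\scripts\Csv_files\share_permissions $fileloc

    If ($grpsid.User -eq "\Everyone") {
        # Everyone rows are written to the output as-is
        $grpsid | Export-Csv $sharefilepath -Append -NoTypeInformation -Force
    }
    ElseIf ($grpsid.User -ne "\Everyone") {
        Foreach ($user in $grpsid) {
            # Get-ADGroupMember only accepts groups, so a user SID errors here
            Get-ADGroupMember $user.SID | Export-Csv $sharefilepath -Append -NoTypeInformation -Force
        }
    }
}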


All constructive help is appreciated.

This seems to work for me (identifying object class based on SID):

# Bogus SID placeholder
$sid = 'S-1-5-21-1111111111-1111111111-11111111-1111'

$class = Get-ADObject -Filter "objectSid -eq '$sid'" | Select-Object -ExpandProperty objectClass

That is exactly what I was looking for. Thank you much and now I can keep moving forward.
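
Putting the objectClass lookup from the answer together with the If/ElseIf branching asked about in the question, as an added example that is not code from anyone in this thread. The function name `Resolve-ShareSid`, the output columns, the output file name and the sample rows are hypothetical; it assumes the ActiveDirectory module and a reachable domain controller.

```powershell
#Requires -Modules ActiveDirectory

function Resolve-ShareSid {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Sid
    )
    # Parse the SID first: malformed CSV values throw here instead of being
    # interpolated into the filter string.
    $sidValue = ([System.Security.Principal.SecurityIdentifier]$Sid).Value

    # No result means the SID has no object in this domain
    # (for example a local or well-known principal).
    $obj = Get-ADObject -Filter "objectSid -eq '$sidValue'"
    $class = if ($obj) { $obj.objectClass } else { 'unresolved' }

    switch ($class) {
        'group' {
            # -Recursive flattens nested groups down to their non-group members
            Get-ADGroupMember -Identity $sidValue -Recursive | ForEach-Object {
                [pscustomobject]@{ Source = $Name; Class = $_.objectClass
                                   Account = $_.SamAccountName; SID = $_.SID.Value }
            }
        }
        'user' {
            $u = Get-ADUser -Identity $sidValue
            [pscustomobject]@{ Source = $Name; Class = 'user'
                               Account = $u.SamAccountName; SID = $sidValue }
        }
        default {
            # Keep the row so nothing silently disappears from the report
            [pscustomobject]@{ Source = $Name; Class = $class
                               Account = $Name; SID = $sidValue }
        }
    }
}

# Constructed sample rows in the thread's User,SID layout (placeholder SIDs)
$rows = @'
User,SID
\Everyone,S-1-1-0
EXAMPLE\Accounting,S-1-5-21-1111111111-1111111111-11111111-1111
'@ | ConvertFrom-Csv

$rows | ForEach-Object { Resolve-ShareSid -Name $_.User -Sid $_.SID } |
    Export-Csv .\accounting_expanded.csv -NoTypeInformation
```

Rows whose class is neither `user` nor `group` (computers, foreign security principals, unresolved SIDs) are passed through with their class recorded, so the report shows every principal that had access rather than only the ones that expanded cleanly.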