LDAP: Difference between revisions

From WikiWiki
Jump to navigation Jump to search
No edit summary   (change visibility)
Line 10: Line 10:
|-
|-
| S-1-5-32-551 || Backup Operators
| S-1-5-32-551 || Backup Operators
|-
| S-1-5-32-554 || BUILTIN\Pre-Windows 2000 Compatible Access
|-
|-
| $rootDomainSid-519    || Enterprise Admins
| $rootDomainSid-519    || Enterprise Admins

Revision as of 13:56, 6 January 2014

Well known SID's

where objectSID -eq

S-1-5-32-544 Administrators
S-1-5-32-548 Account Operators
S-1-5-32-549 Server Operators
S-1-5-32-551 Backup Operators
S-1-5-32-554 BUILTIN\Pre-Windows 2000 Compatible Access
$rootDomainSid-519 Enterprise Admins
$rootDomainSid-518 Schema Admins

http://support.microsoft.com/kb/243330

in powershell

$strFilter = "(&(objectCategory=User)(Department=Finance))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $objItem.name}

$objItem