LDAP: Difference between revisions
Jump to navigation
Jump to search
(Created page with "= in powershell= <syntaxhighlight lang="powershell"> $strFilter = "(&(objectCategory=User)(Department=Finance))" $objDomain = New-Object System.DirectoryServices.DirectoryEnt...") (change visibility) |
No edit summary (change visibility) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Well known [[SID]]'s = | |||
some well known sid's | |||
where objectSID -eq | |||
{| border="1" style="border-collapse:collapse;" | |||
|- | |||
| S-1-5-32-544 || Administrators | |||
|- | |||
| S-1-5-32-548 || Account Operators | |||
|- | |||
| S-1-5-32-549 || Server Operators | |||
|- | |||
| S-1-5-32-551 || Backup Operators | |||
|- | |||
| S-1-5-32-554 || BUILTIN\Pre-Windows 2000 Compatible Access | |||
|- | |||
| -rootdomainSid-512 || Domain Admins | |||
|- | |||
| $rootDomainSid-519 || Enterprise Admins | |||
|- | |||
| $rootDomainSid-518 || Schema Admins | |||
|- | |||
| $rootDomainSid-500 || Administrator | |||
|} | |||
http://support.microsoft.com/kb/243330 | |||
= in powershell= | = in powershell= | ||
<syntaxhighlight lang="powershell"> | <syntaxhighlight lang="powershell"> | ||
Line 20: | Line 48: | ||
$objItem | $objItem | ||
</syntaxhighlight> | |||
Quickly find administrator account | |||
<syntaxhighlight lang="powershell"> | |||
get-aduser -Filter * | where sid -like "*-500" | |||
</syntaxhighlight> | </syntaxhighlight> |
Latest revision as of 09:07, 15 September 2014
Well known SID's
some well known sid's
where objectSID -eq
S-1-5-32-544 | Administrators |
S-1-5-32-548 | Account Operators |
S-1-5-32-549 | Server Operators |
S-1-5-32-551 | Backup Operators |
S-1-5-32-554 | BUILTIN\Pre-Windows 2000 Compatible Access |
-rootdomainSid-512 | Domain Admins |
$rootDomainSid-519 | Enterprise Admins |
$rootDomainSid-518 | Schema Admins |
$rootDomainSid-500 | Administrator |
http://support.microsoft.com/kb/243330
in powershell
$strFilter = "(&(objectCategory=User)(Department=Finance))"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"
$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults)
{$objItem = $objResult.Properties; $objItem.name}
$objItem
Quickly find administrator account
get-aduser -Filter * | where sid -like "*-500"