LDAP: Difference between revisions

From WikiWiki
Jump to navigation Jump to search
(Created page with "= in powershell= <syntaxhighlight lang="powershell"> $strFilter = "(&(objectCategory=User)(Department=Finance))" $objDomain = New-Object System.DirectoryServices.DirectoryEnt...")   (change visibility)
 
No edit summary   (change visibility)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Well known [[SID]]'s =
some well known sid's
where objectSID -eq
{| border="1" style="border-collapse:collapse;"
|-
| S-1-5-32-544 || Administrators
|-
| S-1-5-32-548 || Account Operators
|-
| S-1-5-32-549 || Server Operators
|-
| S-1-5-32-551 || Backup Operators
|-
| S-1-5-32-554 || BUILTIN\Pre-Windows 2000 Compatible Access
|-
| -rootdomainSid-512    || Domain Admins
|-
| $rootDomainSid-519    || Enterprise Admins
|-
| $rootDomainSid-518    || Schema Admins
|-
| $rootDomainSid-500    || Administrator
|}
http://support.microsoft.com/kb/243330
= in powershell=
= in powershell=
<syntaxhighlight lang="powershell">
<syntaxhighlight lang="powershell">
Line 20: Line 48:


$objItem
$objItem
</syntaxhighlight>
Quickly find administrator account
<syntaxhighlight lang="powershell">
get-aduser -Filter * | where sid -like "*-500"
</syntaxhighlight>
</syntaxhighlight>

Latest revision as of 09:07, 15 September 2014

Well known SID's

some well known sid's


where objectSID -eq

S-1-5-32-544 Administrators
S-1-5-32-548 Account Operators
S-1-5-32-549 Server Operators
S-1-5-32-551 Backup Operators
S-1-5-32-554 BUILTIN\Pre-Windows 2000 Compatible Access
-rootdomainSid-512 Domain Admins
$rootDomainSid-519 Enterprise Admins
$rootDomainSid-518 Schema Admins
$rootDomainSid-500 Administrator

http://support.microsoft.com/kb/243330

in powershell

$strFilter = "(&(objectCategory=User)(Department=Finance))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $objItem.name}

$objItem


Quickly find administrator account

get-aduser -Filter * | where sid -like "*-500"