LDAP

From WikiWiki
Jump to navigation Jump to search

Well known SID's

some well known sid's


where objectSID -eq

S-1-5-32-544 Administrators
S-1-5-32-548 Account Operators
S-1-5-32-549 Server Operators
S-1-5-32-551 Backup Operators
S-1-5-32-554 BUILTIN\Pre-Windows 2000 Compatible Access
$rootDomainSid-519 Enterprise Admins
$rootDomainSid-518 Schema Admins
$rootDomainSid-500 Administrator

http://support.microsoft.com/kb/243330

in powershell

$strFilter = "(&(objectCategory=User)(Department=Finance))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $objItem.name}

$objItem


Quickly find administrator account

get-aduser -Filter * | where sid -like "*-500"