Some users were recently migrated from domain A to another domain B, keeping SID history so that they could continue to access the old file system. Today it was found that individual Citrix XenApp programs running in the old domain A do not work.
After checking, it turned out that the program automatically runs a whoami /groups self-test when it starts, and exits automatically if there is an unresolved SID. The likely cause is a problem with the SID history of some groups during the migration. So how do you find these unresolved SIDs and the corresponding group names? Beans wrote a very simple PowerShell command to find them.
Log on as a user in domain A and execute the following command. The output of whoami is produced as CSV text, which PowerShell then converts into structured objects to work with.
whoami /groups /fo csv | ConvertFrom-Csv | Where-Object { $_.Type -match "Unknown SID type" } | Select-Object SID > K:\unknown.txt
The results are as follows
[Image: Unknown.PNG]
Then read the text file in domain B and resolve each SID to its group name.
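# Skip the first 3 lines of the file: the blank line, the "SID" header and the "---" separator
$group = Get-Content K:\unknown.txt | Select-Object -Skip 3
foreach ($sid in $group) {
    try {
        # Build a SecurityIdentifier from the text and translate it to DOMAIN\name
        $objSID = New-Object System.Security.Principal.SecurityIdentifier($sid.TrimEnd())
        $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
        Write-Host $objUser.Value
    }
    catch {
        # SIDs that cannot be resolved (and blank lines) end up here
        Write-Host "catched error: $($_.Exception.Message)"
    }
}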
The results are as follows.
[Image: B.png]
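The two steps above combined into one script, as an added example that is not part of the original post. The function names `Get-UnresolvedSid` and `Resolve-SidList`, the `.\unknown.txt` path and the sample whoami output are assumptions made for illustration. It writes one SID per line, so no header lines need to be skipped, and it returns a row for every SID whether or not it resolves.

```powershell
# Added example; function names, file path and sample data are hypothetical.

function Get-UnresolvedSid {
    # Input: the lines of `whoami /groups /fo csv` output (run in domain A).
    param([Parameter(Mandatory)][string[]]$WhoamiCsv)
    $WhoamiCsv | ConvertFrom-Csv |
        Where-Object { $_.Type -match 'Unknown SID type' } |
        Select-Object -ExpandProperty SID
}

function Resolve-SidList {
    # Run in domain B: translate each SID to an account name and record failures.
    param([string[]]$Sid)
    foreach ($s in $Sid) {
        $s = "$s".Trim()
        if (-not $s) { continue }            # ignore blank lines
        try {
            $obj  = New-Object System.Security.Principal.SecurityIdentifier($s)
            $name = $obj.Translate([System.Security.Principal.NTAccount]).Value
            [pscustomobject]@{ SID = $s; Name = $name; Error = $null }
        } catch {
            [pscustomobject]@{ SID = $s; Name = $null; Error = $_.Exception.Message }
        }
    }
}

# Constructed sample of whoami output. On a real machine use:
#   $csv = whoami /groups /fo csv
$csv = @(
    '"Group Name","Type","SID","Attributes"'
    '"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"'
    '"S-1-5-21-1111111111-2222222222-3333333333-1105","Unknown SID type","S-1-5-21-1111111111-2222222222-3333333333-1105","Mandatory group, Enabled by default, Enabled group"'
)

$unknown = Get-UnresolvedSid -WhoamiCsv $csv
$unknown | Set-Content .\unknown.txt         # one SID per line, no table header
Resolve-SidList -Sid (Get-Content .\unknown.txt) | Format-Table -AutoSize
```

A SID that still shows an error when resolved in domain B belongs to a group that no longer exists there or was not migrated.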
This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1612267
PowerShell Find unknown Group