sysvol and sidhistory

itpro-tips · Jan 24, 2024 · 0e8f321 · 0e8f321
1 parent 0d22061
commit 0e8f321
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 2 deletions.
diff --git a/Attributes/Get-SIDHistory.ps1 b/Attributes/Get-SIDHistory.ps1
@@ -0,0 +1,27 @@
+# Declare a generic list to store results
+[System.Collections.Generic.List[PSObject]] $sidObjectsArray = @()
+
+# Get all objects with non-empty SIDHistory attribute and include properties sIDHistory,msDS-ReplattributeMetaData,samaccountname
+Get-ADobject -LDAPFilter "(sidHistory=*)" -Properties sIDHistory, distinguishedName, samaccountname, 'msDS-ReplattributeMetaData' | ForEach-Object { 
+    # Get the last change date of the SIDHistory attribute
+    $replattributeMetaData = $_.'msDS-ReplattributeMetaData'
+    $replattributeMetaData = '<root>' + $replattributeMetaData + '</root>'
+    $replattributeMetaData = $replattributeMetaData.Replace([char]0, ' ')
+    $replattributeMetaData = [XML]$replattributeMetaData
+    $replattributeMetaData = $replattributeMetaData.root.DS_REPL_ATTR_META_DATA
+    $replattributeMetaData = $replattributeMetaData | Where-Object { $_.pszattributeName -eq 'sIDHistory' } | Select-Object -ExpandProperty ftimeLastOriginatingChange
+    $lastChangeDate = $replattributeMetaData | Get-Date -Format 'MM/dd/yyyy'
+
+    # create an ordered PSCustomObject to hold the properties of the object
+    $object = [PSCustomObject][ordered]@{
+        SamAccountName    = $_.samAccountName
+        SIDHistory        = $_.sIDHistory
+        LastChangeDate    = $lastChangeDate
+        DistinguishedName = $_.distinguishedName
+    }
+
+    $sidObjectsArray.Add($object)
+}
+
+# display the list content
+$sidObjectsArray
diff --git a/Sysvol-GPO/Get-GPOConsistencyBetweenDirectoryAndSysvol.ps1 b/Sysvol-GPO/Get-GPOConsistencyBetweenDirectoryAndSysvol.ps1
@@ -100,7 +100,7 @@ function Get-GPOConsistencyBetweenDirectoryAndSysvol {
                 }
 
                 catch {
-                    $Status = 'Phantom (Folder exist in GPO but not in AD)'
+                    $Status = 'Phantom (Folder exists in GPO but not in AD)'
                     $Name = 'N/A'
                 }
 
@@ -125,7 +125,7 @@ function Get-GPOConsistencyBetweenDirectoryAndSysvol {
                 }
 
                 else {
-                    $Status = 'Folder Missing'
+                    $Status = 'Folder missing'
                 }
 
                 $object = [PSCustomObject][ordered]@{