How to list AD users with SidHistory attribute

We are in the middle on a company merge with AD restructuring, so I had the necessity to have a list of users with the SidHistory. Here how to with dsquery tool. Remember to change USERID with the SamAccountName of the AD user:

dsquery * -Filter "(samaccountname=USERID)" -Attr samAccountName ObjectSID sidHistory

For making this job for a list of users, create with notepad a list of samAcountName and save it as Users.txt

Create a batch like this and run it:

For /f %%i in (C:\KIM\Users.txt) Do (
dsquery * -Filter "(samaccountname=%%i)" -Attr samAccountName ObjectSID sidHistory >> C:\KIM\User_sidHistory.txt
)

For find the corrisponding ObjectSID on source domain you can use LDAP query:

 

Advertisements

3 thoughts on “How to list AD users with SidHistory attribute

    • LS says:

      You should use something like this filter:
      dsquery * -Filter “(&(objectClass=user)(!(sidhistory=*)))” -attr samaccountname objectsid sidhistory

      • LS says:

        or better:
        dsquery * -Filter “(&(objectClass=user)(objectCategory=Person)(!(sidhistory=*)))” -attr samaccountname objectsid sidhistory

        If you what to filter only user accounts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s