Find Orphaned Objects in Active Directory

A PowerShell V1 script to find all orphaned objects in Active Directory. These are security principals that were once members of a group protected by the Security Descriptor Propagator process (SDProp). When these objects are removed from protected groups they become orphaned.


  • Error
    1 Posts | Last post January 19, 2018
    • Hi Richard,
      I just came across this script... Its functionality is similar to one I wrote, but on steroids.
      Anyway, in the Foreach($Group in $Groups) loop, I get an error:  Exception calling "Add" with "2" argument(s): "Item has already been added...." when hitting the Enterprise Admins groups.
      I was also wondering why you use all the math to generate the RID instead of, say, $RID=(New-Object System.Security.Principal.SecurityIdentifier($SID,0)).value.split('-')[-1]?  I tested it and it returns the same thing.
      J. Provencher
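
The RID question raised in the post above, as an added example that is not part of the original script or of the post: it decodes the RID from a binary SID by offset and compares it with the SecurityIdentifier string approach. The function names are hypothetical and the SID is constructed for illustration; the truncated-input check uses try/catch, which needs PowerShell 2.0 or later.

```powershell
# Added example: two ways to get the RID from a binary objectSid value.

function Get-RidFromSidBytes {
    param([byte[]]$SidBytes)

    # Binary SID layout: 1 byte revision, 1 byte sub-authority count,
    # 6 bytes identifier authority (big-endian), then one 4-byte
    # little-endian value per sub-authority. The RID is the last one.
    if ($SidBytes.Length -lt 8) { throw "SID is shorter than its fixed header" }
    $count = $SidBytes[1]
    if ($count -lt 1 -or $count -gt 15) { throw "Invalid sub-authority count: $count" }
    if ($SidBytes.Length -ne (8 + 4 * $count)) { throw "SID length does not match its sub-authority count" }

    $offset = 8 + 4 * ($count - 1)
    # BitConverter follows host byte order; Windows hosts are little-endian.
    return [System.BitConverter]::ToUInt32($SidBytes, $offset)
}

function Get-RidFromSidObject {
    param([byte[]]$SidBytes)

    # Let the framework parse and validate the SID, then take the last field.
    $sid = New-Object System.Security.Principal.SecurityIdentifier($SidBytes, 0)
    return [uint32]($sid.Value.Split('-')[-1])
}

# Constructed sample: made-up domain sub-authorities with RID 519.
$sample = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-21-1000-2000-3000-519')
$bytes  = New-Object byte[] ($sample.BinaryLength)
$sample.GetBinaryForm($bytes, 0)

$manual = Get-RidFromSidBytes  $bytes
$viaApi = Get-RidFromSidObject $bytes
"Manual: {0}  SecurityIdentifier: {1}  Match: {2}" -f $manual, $viaApi, ($manual -eq $viaApi)

# A truncated attribute value is rejected instead of yielding a wrong RID.
try {
    Get-RidFromSidBytes ([byte[]]$bytes[0..($bytes.Length - 2)]) | Out-Null
    "Truncated SID was accepted"
} catch {
    "Truncated SID rejected: $($_.Exception.Message)"
}
```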