Find Orphaned Objects in Active Directory

A PowerShell V1 script to find all orphaned objects in Active Directory. These are security principals that were once members of a group protected by the Security Descriptor Propagator process (SDProp). When these objects are removed from protected groups they become orphaned.

 
 
 
 
 
Active Directory
10/18/2016


  • Error
    1 Posts | Last post January 19, 2018
    • Hi Richard,
      I just came across this script... Its functionality is similar to one I wrote, but on steroids.
      
      Anyway, in the Foreach($Group in $Groups) loop, I get an error:  Exception calling "Add" with "2" argument(s): "Item has already been added...." when hitting the Enterprise Admins groups.
      
      I was also wondering why you use all the math to generate the RID instead of, say, $RID=(New-Object System.Security.Principal.SecurityIdentifier($SID,0)).value.split('-')[-1]?  I tested it and it returns the same thing.
      
      Cheers,
      
      J. Provencher
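
The check described at the top of the page, as an added example that is not the gallery script or either poster's code: it lists user accounts still stamped adminCount=1 that no default protected group accounts for, guards the hashtable insert that raises the error reported in the comment, and reads the RID from the SID string as the comment suggests. It assumes the ActiveDirectory (RSAT) module, the default protected-group RIDs, and that adminCount=1 is the marker SDProp left behind; it covers user objects only.

```powershell
# Added example (not the gallery script). Assumes the ActiveDirectory RSAT module
# and the default protected-group set; the RID lists encode that assumption.
Import-Module ActiveDirectory

$domainSid = (Get-ADDomain).DomainSID.Value
# Built-in: Administrators, Account/Server/Print/Backup Operators, Replicator
$groupSids  = @(544, 548, 549, 550, 551, 552 | ForEach-Object { "S-1-5-32-$_" })
# Domain: Domain Admins, Domain Controllers, Schema/Enterprise Admins, RODCs
$groupSids += @(512, 516, 518, 519, 521 | ForEach-Object { "$domainSid-$_" })

# Current protected principals, keyed by DN (-Recursive expands nested groups).
$protected = @{}
foreach ($sid in $groupSids) {
    try   { $members = Get-ADGroupMember -Identity $sid -Recursive -ErrorAction Stop }
    catch { Write-Warning "Skipped ${sid}: $_"; continue }   # e.g. 518/519 outside the forest root
    foreach ($m in $members) {
        # A principal reachable through two groups would make an unguarded
        # .Add() throw "Item has already been added", so test the key first.
        if (-not $protected.ContainsKey($m.distinguishedName)) {
            $protected.Add($m.distinguishedName, $sid)
        }
    }
}

# Users still stamped adminCount=1 that no protected group accounts for.
$orphans = Get-ADUser -LDAPFilter '(adminCount=1)' -Properties whenChanged |
    Where-Object {
        $rid = $_.SID.Value.Split('-')[-1]   # RID is the last SID sub-authority
        # 502 = krbtgt, which is protected in its own right
        $rid -ne '502' -and -not $protected.ContainsKey($_.DistinguishedName)
    }

$orphans | Select-Object SamAccountName, DistinguishedName, whenChanged
```

Treat the output as candidates to review: a group that cannot be enumerated is skipped with a warning, which can list its members as orphaned.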