I am working on a migration project and found many anomalies with SID mismatches. This PowerShell script copies each source user's objectSid to the linked target user account. It converts the objectSid to its string form and writes that as the target's sidHistory value. I was able to resolve over 600 broken SIDs.
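Run this script to resolve SID issues for multiple accounts. A sidHistory entry gives the target account the access of the source SID, so check every source/target pair in the input file before running it.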
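#Populate the input file with source and target accounts. Run this script to resolve AEA issues for multiple accounts.
#
# Input:  C:\Broken_SID.csv with SourceAccount and TargetAccount columns, both in DOMAIN\name form.
# Effect: for each row, reads the source account's objectSid and writes it to the
#         target account's sidHistory attribute.
# Rows that are blank, malformed, ambiguous, or that carry a well-known SID are
# skipped with a warning instead of being written.
if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null )
{
    Add-PSSnapin quest.activeroles.admanagement
}

$users = Import-Csv C:\Broken_SID.csv
$users | ForEach-Object {
    $source = $_.SourceAccount
    $target = $_.TargetAccount

    # Import-Csv returns empty strings for blank cells, so a $null comparison
    # alone lets blank rows through to the directory calls.
    if ([string]::IsNullOrEmpty($source) -or [string]::IsNullOrEmpty($target)) {
        Write-Warning "Skipping row with a blank SourceAccount or TargetAccount."
        return
    }

    # IndexOf returns -1 when there is no backslash, which would make Substring throw.
    $sourceSep = $source.IndexOf("\")
    $targetSep = $target.IndexOf("\")
    if ($sourceSep -lt 1 -or $targetSep -lt 1) {
        Write-Warning "Skipping '$source' -> '$target': both accounts must be in DOMAIN\name form."
        return
    }
    $sourceDomain = $source.Substring(0, $sourceSep)
    $targetDomain = $target.Substring(0, $targetSep)

    # Collect every SID the lookup returns so that zero or several matches are
    # detected rather than written to the target as an empty or multi-valued result.
    $sids = @(Get-QADUser $source -Service $sourceDomain -DontUseDefaultIncludedProperties |
        ForEach-Object { $_.DirectoryEntry.objectSid } |
        Convert-QADAttributeValue -outputTypeName 'Security.Principal.SecurityIdentifier' |
        ForEach-Object { $_.Value })
    if ($sids.Count -ne 1) {
        Write-Warning "Skipping '$source': expected exactly one objectSid, found $($sids.Count)."
        return
    }
    $sid = $sids[0]

    # Domain RIDs below 1000 belong to built-in accounts and groups (for example
    # 500, 512, 519). Putting one in sidHistory would hand the target that
    # principal's rights, so such rows are never written. This does not cover
    # privileged accounts created later (RID 1000 and up); review those by hand.
    $rid = [int64]($sid.Split('-')[-1])
    if ($rid -lt 1000) {
        Write-Warning "Skipping '$source': $sid is a well-known SID and must not be copied to sidHistory."
        return
    }

    # NOTE(review): this assigns the attribute value directly; if the target already
    # holds sidHistory entries, confirm whether they are kept or replaced.
    Set-QADUser $target.ToUpper() -Service $targetDomain -ObjectAttributes @{sidhistory=$sid}
}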
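#Populate the input file with source and target accounts. Run this script to resolve AEA issues for multiple accounts.
#
# Input:  C:\Broken_SID.csv with SourceAccount and TargetAccount columns, both in DOMAIN\name form.
# Effect: for each row, reads the source account's objectSid and writes it to the
#         target account's sidHistory attribute.
# Rows that are blank, malformed, ambiguous, or that carry a well-known SID are
# skipped with a warning instead of being written.
if ( (Get-PSSnapin -Name quest.activeroles.admanagement -ErrorAction SilentlyContinue) -eq $null )
{
    Add-PSSnapin quest.activeroles.admanagement
}

$users = Import-Csv C:\Broken_SID.csv
$users | ForEach-Object {
    $source = $_.SourceAccount
    $target = $_.TargetAccount

    # Import-Csv returns empty strings for blank cells, so a $null comparison
    # alone lets blank rows through to the directory calls.
    if ([string]::IsNullOrEmpty($source) -or [string]::IsNullOrEmpty($target)) {
        Write-Warning "Skipping row with a blank SourceAccount or TargetAccount."
        return
    }

    # IndexOf returns -1 when there is no backslash, which would make Substring throw.
    $sourceSep = $source.IndexOf("\")
    $targetSep = $target.IndexOf("\")
    if ($sourceSep -lt 1 -or $targetSep -lt 1) {
        Write-Warning "Skipping '$source' -> '$target': both accounts must be in DOMAIN\name form."
        return
    }
    $sourceDomain = $source.Substring(0, $sourceSep)
    $targetDomain = $target.Substring(0, $targetSep)

    # Collect every SID the lookup returns so that zero or several matches are
    # detected rather than written to the target as an empty or multi-valued result.
    $sids = @(Get-QADUser $source -Service $sourceDomain -DontUseDefaultIncludedProperties |
        ForEach-Object { $_.DirectoryEntry.objectSid } |
        Convert-QADAttributeValue -outputTypeName 'Security.Principal.SecurityIdentifier' |
        ForEach-Object { $_.Value })
    if ($sids.Count -ne 1) {
        Write-Warning "Skipping '$source': expected exactly one objectSid, found $($sids.Count)."
        return
    }
    $sid = $sids[0]

    # Domain RIDs below 1000 belong to built-in accounts and groups (for example
    # 500, 512, 519). Putting one in sidHistory would hand the target that
    # principal's rights, so such rows are never written. This does not cover
    # privileged accounts created later (RID 1000 and up); review those by hand.
    $rid = [int64]($sid.Split('-')[-1])
    if ($rid -lt 1000) {
        Write-Warning "Skipping '$source': $sid is a well-known SID and must not be copied to sidHistory."
        return
    }

    # NOTE(review): this assigns the attribute value directly; if the target already
    # holds sidHistory entries, confirm whether they are kept or replaced.
    Set-QADUser $target.ToUpper() -Service $targetDomain -ObjectAttributes @{sidhistory=$sid}
}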