Tag: Active Directory

How to resolve an orphan SID's account name with PowerShell

Sometimes you open an Access Control List and discover an orphan SID. However, before removing the permission, you want to know which account this SID matched. The SID matched a local account: in this case, you are done. There is no way to find which account name the SID matched. …

Clean up orphaned Foreign Security Principals

Foreign Security Principals or FSPs have existed since Windows Server 2000. However, you could work as a system administrator for years without even noticing their presence because the mechanism behind them is almost fully transparent—almost. Contents of this article: FSPs in a nutshell; Why an FSP becomes an orphan; How to identify and clean up …

How to view/add an SPN with PowerShell

No need to bother with the syntax of SetSPN anymore (although it still works). There is now a native function built into the Get-ADComputer and Set-ADComputer cmdlets. View all SPNs for a given computer: use the Get-ADComputer cmdlet and specify the ServicePrincipalNames parameter. It returns an array of values you can easily expand with the …