Categories
Domain Migration

AD Migration : Dump SIDHistory

AD Migration : Dump SIDHistory

Use the following script to dump SIDHistory for all objcts, or those under a particular OU. Change the strOU attrobute to “” if you wish to dump the SIDHistory for ALL objects, limit the objects that the SIDHistory  is gathered for by using the strFilter attribute. For example:

  • To report on User Account only, change strFilter to: “(&(objectClass=user)(objectCategory=person))”
  • To report on Groups chang strFilter to “(objectClass=Group)”

Save the script below into a vbs file then execute using the command: cscript.exe /nologo .vbs >> SIDHistory

Const ADS_PROPERTY_DELETE = 4

   Const ADS_PROPERTY_UPDATE = 2

   Dim strFilter ‘As String
   Dim oConnection ‘As ADODB.Connection
   Dim oRecordSet ‘As ADODB.RecordSet
   Dim strQuery ‘As String
   Dim strDomainNC ‘As String
   Dim oRootDSE ‘As IADs
   Dim vArray ‘As Variant()
   Dim vSid ‘As Variant
   Dim oDirObject ‘As Variant
   Dim strOU ‘As String

   ‘ Find the domain naming context
   set oRootDSE = GetObject(“LDAP://RootDSE”)
   strDomainNC = oRootDSE.Get(“defaultNamingContext”)
   set oRootDSE = Nothing

   ‘ Setup the ADO connection
   Set oConnection = CreateObject(“ADODB.Connection”)
   oConnection.Provider = “ADsDSOObject”
   oConnection.Open “ADs Provider”
   strOU = “OU=IT,”
   strFilter = “(&(objectClass=*))”
   strQuery = “;” & strFilter & “;distinguishedName,objectClass,name,sidHistory;subtree”

   ‘Execute the query
   set oRecordSet = oConnection.Execute(strQuery)

   if oRecordSet.Eof then
     WScript.Echo “No objects were found”
     WScript.Quit(0)
   Else
     Dim vClasses ‘As Variant
     Dim strClass ‘As String
     WScript.Echo “Name, Class, DN, SIDHistory”
     While Not oRecordset.Eof
        vClasses = oRecordset.Fields(“objectClass”).Value
        strClass = vClasses(UBound(vClasses))
        If IsNull(oRecordSet.Fields(“sIDHistory”).Value ) Then
           ‘object does not have a sidHistory
        Else
            ‘WScript.Echo chr(34) & oRecordset.Fields(“name”).Value & chr(34) & “,” & _
            ‘    chr(34) & strClass & chr(34) & “,” & chr(34) & _
            ‘    oRecordset.Fields(“distinguishedName”).Value & chr(34)
           
            set oDirObject = GetObject(“LDAP://” & oRecordset.Fields(“distinguishedName”).Value)
               vArray = oDirObject.GetEx(“sIDHistory”)
              
               For Each vSid in vArray
                   If OctetToHexStr(vSid) > “” Then
                       WScript.Echo chr(34) & oRecordset.Fields(“name”).Value & chr(34) & “,” & _
                        chr(34) & strClass & chr(34) & “,” & chr(34) & _
                        oRecordset.Fields(“distinguishedName”).Value & chr(34) & “,” & chr(34) & _
                        OctetToHexStr(vSid)    & chr(34)
                End If
            Next
        End if

        oRecordset.MoveNext
     Wend
   End if

   ‘Clean up
   Set oRecordset = Nothing
   Set oConnection = Nothing

 
Function OctetToHexStr(sOctet)
  Dim k
  OctetToHexStr = “”
  For k = 1 To Lenb(sOctet)
    OctetToHexStr = OctetToHexStr _
      & Right(“0” & Hex(Ascb(Midb(sOctet, k, 1))), 2)
  Next
End Function

Leave a Reply

Your email address will not be published. Required fields are marked *