Author Posts

August 15, 2013 at 7:12 am

This works for finding the renamed Administrator account in a domain:

Get-ADUser -Filter * -Properties SID -ResultPageSize 1000 | Where {$_.SID -like "*500"}

Why doesn't this work?

Get-ADUser -Filter 'SID -like "*500"'* -Properties SID

I am trying to retrieve only the one record I am looking for. My guess is the second command (if it worked) would be faster than the first.

August 15, 2013 at 7:59 am

I'm not sure how to make this work in an LDAP Filter, but you can use WMI to accomplish basically the same thing:

Get-WmiObject -Class Win32_UserAccount -Filter "Domain='$env:USERDOMAIN' AND SID LIKE '%500'"

August 15, 2013 at 8:11 am

Here's a way to do this just using the AD cmdlets. I still haven't been able to find a wild card filter that works for SIDs, but you can construct the complete SID and search for that:

$domainSID = Get-ADDomain -Current LoggedOnUser | Select-Object -ExpandProperty DomainSID
if ($domainSID -ne $null)
{
    Get-ADUser -Filter "SID -eq '$domainSID-500'"
}