Foreign Security Principals


This topic contains 1 reply, has 2 voices, and was last updated 4 years, 7 months ago.

  • Author
  • #17791

    Does anyone know of a PowerShell script to document Active Directory foreign security principals such as what domain the FSP is from, group memberships, is the FSP orphaned?


  • #17836

    I think the AD module can handle most, if not all, of this:

    # Requires the ActiveDirectory module (RSAT)
    Import-Module ActiveDirectory

    # Get a list of FSPs
    Get-ADObject -Filter { objectClass -eq "foreignSecurityPrincipal" }

    # The .NET Framework should be able to translate any that aren't orphaned:
    Get-ADObject -Filter { objectClass -eq "foreignSecurityPrincipal" } | ForEach-Object {
        ([System.Security.Principal.SecurityIdentifier] $_.Name).Translate([System.Security.Principal.NTAccount])
    }

    # You can also get the groups and whether or not the FSP is orphaned (this 
    # assumes that a translation error means that the object is orphaned; that 
    # might not always be the case):
    Get-ADObject -Filter { objectClass -eq "foreignSecurityPrincipal" } -Properties memberof | ForEach-Object {
        $Orphaned = $false
        $TranslatedName = $null
        try {
            $TranslatedName = ([System.Security.Principal.SecurityIdentifier] $_.Name).Translate([System.Security.Principal.NTAccount])
        }
        catch {
            $Orphaned = $true
        }
        New-Object PSObject -Property @{
            Name = $_.Name
            TranslatedName = $TranslatedName
            Orphaned = $Orphaned
            Groups = $_.MemberOf | Get-ADGroup #| select -ExpandProperty Name
        }
    }

    If you don't have the AD module, you can still do this; it'll just take a little more work.

    Is this what you were looking for?
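An added example, not part of the original reply: the "what domain is the FSP from" part of the question can be answered from the SID alone, which still works when name translation fails. The function name `Get-FspOrigin`, the `$TrustMap` parameter, and all SIDs and domain names below are constructed for illustration.

```powershell
# Added example: classify FSP SIDs by origin without relying on name translation.
function Get-FspOrigin {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string] $Sid,

        # Hypothetical map of trusted-domain SID -> domain name. In a real
        # forest this would have to be built from the existing trusts
        # (assumption; not shown here).
        [hashtable] $TrustMap = @{}
    )
    process {
        $sidObj = [System.Security.Principal.SecurityIdentifier] $Sid

        # AccountDomainSid is $null for well-known SIDs such as S-1-5-11
        # (Authenticated Users), which also appear as FSP objects.
        $domainSid = $sidObj.AccountDomainSid

        if ($null -eq $domainSid) {
            $origin = 'WellKnown'
            $domain = $null
        }
        elseif ($TrustMap.ContainsKey($domainSid.Value)) {
            $origin = 'TrustedDomain'
            $domain = $TrustMap[$domainSid.Value]
        }
        else {
            # Domain SID matches no known trust: a stronger orphan signal
            # than a failed translation, which can also mean the trust is down.
            $origin = 'UnknownDomain'
            $domain = $null
        }

        New-Object PSObject -Property @{
            Sid       = $Sid
            DomainSid = if ($domainSid) { $domainSid.Value } else { $null }
            Domain    = $domain
            Origin    = $origin
        }
    }
}

# Constructed sample data (not real domains)
$trusts = @{ 'S-1-5-21-1000000001-1000000002-1000000003' = 'partner.example' }
'S-1-5-11',
'S-1-5-21-1000000001-1000000002-1000000003-1105',
'S-1-5-21-2000000001-2000000002-2000000003-1201' |
    Get-FspOrigin -TrustMap $trusts |
    Format-Table Sid, Origin, Domain -AutoSize
```

With the sample data, the three SIDs come back as `WellKnown`, `TrustedDomain` (partner.example) and `UnknownDomain`. In the reply's pipeline, `$_.Name` of each FSP object would be the input.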
