Group membership of FSP Objects in ForeignSecurityPrincipals Container

Welcome Forums General PowerShell Q&A Group membership of FSP Objects in ForeignSecurityPrincipals Container

Viewing 1 reply thread
  • Author
    Posts
    • April 13, 2020 at 3:35 pm #218208
      Shivoham_1986
      Participant
      Topics: 2
      Replies: 2
      Points: -9
      Rank: Member

      Hello,

      I need cmdlet or script to find group membership of all FSP Objects showing under ForeignSecurityPrincipals container in Active Directory User & Computer MMC.

      Thanks in advance!

    • April 13, 2020 at 4:20 pm #218217
      David Schmidtberger
      Participant
      Topics: 24
      Replies: 173
      Points: 564
      Helping Hand
      Rank: Major Contributor

      Welcome to the fun, i’ve been having to deal with FSP’s in regards to some ad migration project.

       

      the first thing to know, is you can only view/touch FSP as objects, and the native get-adgroup cmdlets fail spectacularly as soon as an FSP is involved.

      second, memberof is not avaialble on adobjects.

      I haven’t had to solve for this specific deal, some others have some ideas here:

      https://www.reddit.com/r/PowerShell/comments/59ofw3/find_users_group_membership_in_trusted_domain/

      alternatively you can try with raw ADSI, or try with adsips, however that will fail when you have orphaned sids unfortunately.

      https://github.com/lazywinadmin/AdsiPS

       

       

  • Author
    Posts
Viewing 1 reply thread
  • You must be logged in to reply to this topic.