Suppose we have an AD group whose members include foreign security principals. In that case the values in the group's member attribute have the following format:
CN=S-1-5-21-XXXX-XXXXXXXX-XXXXXXXXX-XXXX,CN=ForeignSecurityPrincipals,DC=dmc,DC=001,DC=net
We have a Translate command to trace the member using its SID (S-1-5-21-XXXX-XXXXXXXX-XXXXXXXXX-XXXX):
([System.Security.Principal.SecurityIdentifier] $SID).Translate([System.Security.Principal.NTAccount]).value
Is there a way in powershell to extract out the SID from the member attribute?
You can use regular expressions. Something like this should work:
$targetString = 'CN=S-1-5-21-2440625168-151597401-477403795-1001,CN=ForeignSecurityPrincipals,DC=dmc,DC=001,DC=net'
$regEx = '(?<SID>S-\d-\d+-(\d+-){1,14}\d+)'
if($targetString -match $regEx) {
([System.Security.Principal.SecurityIdentifier] $Matches.SID).Translate([System.Security.Principal.NTAccount]).value
}
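Going a step further than the accepted answer, the script below is an added example (not code from the question or the answer above) that applies the same regex idea to a whole list of member values and handles the cases a practitioner hits in practice: well-known SIDs such as S-1-5-11, which have fewer sub-authorities than a domain SID; ordinary members whose DN carries no SID at all; and orphaned foreign security principals whose SID no longer resolves because the trust or the account is gone. The function name Resolve-FspMember, the member DNs and the domain SID values are constructed for illustration; only S-1-5-11 is a real well-known SID and will resolve on any Windows host.

```powershell
# Added example, not part of the original question or answer.
# Constructed sample of member-attribute values from a group that contains
# foreign security principals. The domain SID is made up; S-1-5-11 is the
# well-known SID for Authenticated Users and resolves on any Windows machine.
$members = @(
    'CN=S-1-5-21-2440625168-151597401-477403795-1001,CN=ForeignSecurityPrincipals,DC=dmc,DC=001,DC=net',
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=dmc,DC=001,DC=net',
    'CN=Jane Doe,OU=Users,DC=dmc,DC=001,DC=net'
)

# Anchor the match to the leading RDN so a SID-looking substring elsewhere in the
# DN is not picked up. Well-known SIDs (S-1-5-11, S-1-1-0) have fewer sub-authorities
# than a domain SID, so the number of "-<digits>" groups is left open-ended.
$sidPattern = '^CN=(?<SID>S-1-\d+(?:-\d+)+),'

function Resolve-FspMember {
    param([Parameter(Mandatory)][string[]]$MemberDn)

    foreach ($dn in $MemberDn) {
        if ($dn -match $sidPattern) {
            $sid = [System.Security.Principal.SecurityIdentifier]$Matches.SID
            try {
                $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
                $status  = 'Resolved'
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                # The trust to the SID's domain is gone or the account was deleted.
                # Keep the raw SID so the orphaned entry can be reported or cleaned up.
                $account = $null
                $status  = 'Orphaned'
            }
            [pscustomobject]@{ MemberDn = $dn; SID = $sid.Value; Account = $account; Status = $status }
        }
        else {
            # Not a foreign security principal; resolve these via Get-ADObject/Get-ADUser instead.
            [pscustomobject]@{ MemberDn = $dn; SID = $null; Account = $null; Status = 'NotAForeignSecurityPrincipal' }
        }
    }
}

Resolve-FspMember -MemberDn $members | Format-Table -AutoSize
```

Translate() resolves SIDs through the local LSA, so a foreign SID only maps to a name while the trust to its home domain is intact; entries that come back as Orphaned are the stale FSP memberships worth auditing, since they keep granting access tied to a principal nobody can look up any more.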