Forum Discussion
How can I return all AD Groups with a specific SID HISTORY value?
Hello how can I return all AD Groups with a specific SID HISTORY value?
I have tried something like this
$SID = "SID VALUE Here"
Get-ADGroup -Filter * | where{$_.sidhistory -eq $SID}
But it just returns blank.
Thanks
Hi, Leon.
There's two "issues" with your current command:
- You haven't specified that sIDHistory is included in the search results (only relevant in client-side filtering);
- You're performing client-side filtering rather than server-side.
Because you have not specified that the siDHistory attribute is to be included in the results, your "where" clause (i.e. client-side filtering) has nothing to compare $SID to (i.e. $_.sidhistory is always $null), meaning your "$_.sidhistory -eq $SID" statement will always evaluate to $false.
If you use server-side filtering, this is not an issue. Additionally, it will perform significantly faster than client-side filtering - depending on how large your Active Directory environment is.
Try the following instead:
$SID = "SID VALUE Here"; Get-ADGroup -Filter { (siDHistory -eq $SID) };Note: In using server-side filtering, there's no need to specify siDHistory as an additional attribute to include in the query results via "-Properties siDHistory".
Cheers,
Lain
- Hi Lain,
Thanks for explaining that.
I also found a good guide about it here too https://powershellisfun.com/2023/01/23/server-side-filtering-in-powershell/
I never knew about the benefit of using Server side filtering until now.
You learn something new everyday.
Thanks for you help.
