Remove-AdsOrphanAce
NAME Remove-AdsOrphanAce
SYNOPSIS
Removes all access rules that have an unresolvable identity.
SYNTAX
Remove-AdsOrphanAce [-Path] <String[]> [[-ExcludeDomainSID] <String[]>] [[-IncludeDomainSID] <String[]>]
[[-Server] <String>] [[-Credential] <PSCredential>] [-EnableException] [-WhatIf] [-Confirm] [<CommonParameters>]
DESCRIPTION
Removes all access rules that have an unresolvable identity.
This is aimed at identifying and remediating orphaned SIDs in Active Directory.
PARAMETERS
-Path <String[]>
The full distinguished name of the object to clean.
Required? true
Position? 1
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-ExcludeDomainSID <String[]>
SIDs from the specified domain SIDs will be ignored.
Use this to safely handle one-way trust where ID resolution is impossible for some IDs.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-IncludeDomainSID <String[]>
If specified, only unresolved identities from the specified SIDs will be listed.
Use this to safely target only rules from your owned domains in the targeted domain.
Required? false
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Server <String>
The server / domain to connect to.
Required? false
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Credential <PSCredential>
The credentials to use for AD operations.
Required? false
Position? 5
Default value
Accept pipeline input? false
Accept wildcard characters? false
-EnableException [<SwitchParameter>]
This parameter disables user-friendly warnings and enables the throwing of exceptions.
This is less user friendly, but allows catching exceptions in calling scripts.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
If this switch is enabled, no actions are performed but informational messages will be displayed that explain
what would happen if the command were to run.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
If this switch is enabled, you will be prompted for confirmation before executing any operations that change
state.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-ADObject -LDAPFilter '(objectCategory=*)' | Remove-AdsOrphanAce
Removes orphaned access rules from all objects in the current domain.
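Added example (not part of the module's own help): a staged run that previews removals with -WhatIf, limits them to unresolved SIDs from your own domain with -IncludeDomainSID, and uses -EnableException so failures can be caught per object. The server name, the OU and the $apply switch are constructed placeholders; the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: staged cleanup of orphaned ACEs, limited to one OU and one domain SID.
# Assumptions: ActiveDirectory module available; server and OU are placeholder values.
Import-Module ActiveDirectory

$server     = 'dc01.contoso.example'                # placeholder DC / domain
$searchBase = 'OU=Servers,DC=contoso,DC=example'    # placeholder OU
$apply      = $false                                # set to $true only after reviewing the preview

# Only act on unresolved SIDs issued by our own domain. SIDs from a one-way
# trusted domain cannot be resolved from here and are not necessarily orphaned;
# -ExcludeDomainSID is the alternative when you want to skip a known trusted domain.
$ownDomainSid = (Get-ADDomain -Server $server).DomainSID.Value

# Pass distinguished names as strings, matching -Path <String[]>.
$paths = Get-ADObject -Server $server -SearchBase $searchBase -LDAPFilter '(objectCategory=*)' |
    Select-Object -ExpandProperty DistinguishedName

$common = @{
    IncludeDomainSID = $ownDomainSid
    Server           = $server
}

# Pass 1: preview. -WhatIf reports what would be removed without changing any ACL.
$paths | Remove-AdsOrphanAce @common -WhatIf

# Pass 2: remove, one object at a time, so a failure on one object is recorded
# and does not hide the result for the others.
if ($apply) {
    $failed = foreach ($path in $paths) {
        try {
            $null = Remove-AdsOrphanAce -Path $path @common -EnableException
        }
        catch {
            [pscustomobject]@{ Path = $path; Error = $_.Exception.Message }
        }
    }
    $failed | Format-Table -AutoSize
}
```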
RELATED LINKS