TestimoX

API Reference

Command

Get-ADXFileSid

Namespace: ADPlayground.PowerShell
Outputs: ADPlayground.Acl.FileSidScanResult

Scans file system ACLs to locate SIDs of interest (including SIDHistory).

Examples

Authored help example

Example 1: Scan NTFS paths.


Get-ADXFileSid -Path "\\FS1\Data"

Example 2: Skip SIDHistory correlation.


Get-ADXFileSid -Path "C:\Shares" -NoSidHistory

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-ADXFileSid [-AllowList <string[]>] [-DeadPrefixFile <string>] [-Depth <int>] [-FollowReparse] [-NoResolve] [-NoSidHistory] [-NoTrusts] [-Parallelism <int>] [-Path <string[]>] [<CommonParameters>]

Parameters

AllowList string[] (optional; position: named; pipeline: false)
Additional SID strings to allow.

DeadPrefixFile string (optional; position: named; pipeline: false)
Path to a file containing dead/defunct domain SID prefixes (one per line).

Depth int (optional; position: named; pipeline: false)
Maximum recursion depth; omit for unlimited.

FollowReparse SwitchParameter (optional; position: named; pipeline: false)
Follow reparse points (junctions/symlinks).

NoResolve SwitchParameter (optional; position: named; pipeline: false)
Skip SID-to-name resolution.

NoSidHistory SwitchParameter (optional; position: named; pipeline: false)
Skip SIDHistory correlation lookups.

NoTrusts SwitchParameter (optional; position: named; pipeline: false)
Exclude trusted forests/domains from the internal catalog.

Parallelism int (optional; position: named; pipeline: false)
Max degree of parallelism for ACL reads.

Path string[] (optional; position: named; pipeline: false; aliases: Paths, Root)
Root paths to scan (local or UNC).
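
A combined invocation of the parameters documented above, for a post-migration ACL cleanup review. This is an added example, not part of the TestimoX documentation: the SID values and temp-file names are constructed placeholders, and the cmdlet is assumed to be available in the session.

```powershell
# Added example: all SID values and file names below are constructed placeholders.
$deadPrefixes = Join-Path $env:TEMP 'dead-sid-prefixes.txt'

# DeadPrefixFile format per the parameter description: one domain SID prefix per line.
@(
    'S-1-5-21-1111111111-2222222222-3333333333'   # constructed: decommissioned domain
    'S-1-5-21-4444444444-5555555555-6666666666'   # constructed: decommissioned domain
) | Set-Content -Path $deadPrefixes -Encoding ASCII

$scan = @{
    Path           = '\\FS1\Data', 'C:\Shares'    # roots taken from the page's own examples
    DeadPrefixFile = $deadPrefixes
    AllowList      = 'S-1-5-21-7777777777-8888888888-9999999999-1105'  # constructed SID
    Depth          = 3        # bound recursion; omit for unlimited
    Parallelism    = 4        # max degree of parallelism for ACL reads
    NoTrusts       = $true    # exclude trusted forests/domains from the internal catalog
}

# -FollowReparse is deliberately not set, so junctions/symlinks are not followed.
$results = Get-ADXFileSid @scan

# The properties of FileSidScanResult are not listed on this page; inspect them before filtering.
$results | Get-Member -MemberType Property

# Keep a full-fidelity copy of the results for later review.
$results | Export-Clixml -Path (Join-Path $env:TEMP 'file-sid-scan.xml')
```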

Outputs

ADPlayground.Acl.FileSidScanResult