TestimoX

API Reference

Command

Get-ADXSidHistory

Namespace ADPlayground.PowerShell
Outputs
ADPlayground.Trusts.SidHistoryDangerousEvaluator+View, ADPlayground.Trusts.SidHistoryForeignDomainsEvaluator+View, ADPlayground.Trusts.SidHistorySameDomainEvaluator+View, ADPlayground.Users.SidHistoryRecord

Enumerates accounts with SIDHistory. Implemented via ADPlayground.Users.SidHistoryService using LDAP only (read-only). Reference: ADEssentials SIDHistory coverage; evaluators for same-domain/foreign/dangerous are available in Trusts/*.

Examples

Authored help example

Example 1: All accounts with SIDHistory (forest)


Get-ADXSidHistory | Select-Object Domain,AccountDistinguishedName,ChainLength
        

Example 2: Foreign-domain SIDHistory only, limited chain length


Get-ADXSidHistory -Domain 'contoso.com' -Kind ForeignDomain -MaxChainLength 3
        

Example 3: Dangerous RIDs in SIDHistory (e.g., 500/512/519/544)


Get-ADXSidHistory -Kind Dangerous | Select-Object Domain,AccountDistinguishedName,SidHistory
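
How the SameDomain, ForeignDomain and Dangerous kinds relate to a single SIDHistory value, as an added PowerShell illustration (not TestimoX or ADPlayground code). The function name, the sample SIDs and the classification rules are assumptions; the RID list is the one given in Example 3.

```powershell
# Added illustration, not TestimoX/ADPlayground code.
# Get-SidHistoryKindExample and its rules are assumptions made for this example.
function Get-SidHistoryKindExample {
    param(
        [Parameter(Mandatory)][string]$Sid,              # one SIDHistory value
        [Parameter(Mandatory)][string]$AccountDomainSid  # SID of the account's current domain
    )
    $dangerousRids = 500, 512, 519, 544   # RIDs named in Example 3

    $parts = $Sid -split '-'
    if ($parts.Count -lt 4 -or $parts[0] -ne 'S') { throw "Not a SID string: $Sid" }

    # The last sub-authority is the RID; everything before it is the issuing authority.
    $rid    = [uint32]$parts[-1]
    $prefix = $parts[0..($parts.Count - 2)] -join '-'

    $kinds = @()
    if ($prefix -eq $AccountDomainSid)  { $kinds += 'SameDomain' }
    elseif ($prefix -like 'S-1-5-21-*') { $kinds += 'ForeignDomain' }
    if ($rid -in $dangerousRids)        { $kinds += 'Dangerous' }

    [pscustomobject]@{ Sid = $Sid; DomainSid = $prefix; Rid = $rid; Kinds = $kinds -join ',' }
}

# Constructed sample values (not real identifiers)
$own     = 'S-1-5-21-1000000001-1000000002-1000000003'
$foreign = 'S-1-5-21-2000000001-2000000002-2000000003'
$samples = "$own-1105", "$foreign-512", "$own-500", 'S-1-5-32-544'

$samples | ForEach-Object { Get-SidHistoryKindExample -Sid $_ -AccountDomainSid $own } |
    Format-Table -AutoSize
```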
        

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-ADXSidHistory [-DomainSid <string>] [-Kind <Any|SameDomain|ForeignDomain|Dangerous>] [-MaxChainLength <int>] [-MinChainLength <int>] [-RawDomain <string>] [<CommonParameters>]
Parameter set: By DomainSid + Kind

Parameters

DomainSid string optional, position: named, pipeline: false
When provided, filters records to SIDHistory entries whose domain SID equals this value.
Kind AdxSidHistoryKind optional, position: named, pipeline: false, values: 4
Filter raw records: Any (no filter), SameDomain, ForeignDomain, or Dangerous.
Possible values: Any, SameDomain, ForeignDomain, Dangerous
MaxChainLength int optional, position: named, pipeline: false
Maximum SIDHistory chain length to include (0 means no maximum).
MinChainLength int optional, position: named, pipeline: false
Minimum SIDHistory chain length to include (0 means no minimum).
RawDomain string optional, position: named, pipeline: false
Domain DNS name for raw listing; null scans all domains in the forest.

Outputs

ADPlayground.Trusts.SidHistoryDangerousEvaluator+View, ADPlayground.Trusts.SidHistoryForeignDomainsEvaluator+View, ADPlayground.Trusts.SidHistorySameDomainEvaluator+View, ADPlayground.Users.SidHistoryRecord

Get-ADXSidHistory [-View <SameDomain|ForeignDomains|Dangerous>] [-ViewDomain <string>] [<CommonParameters>]
Parameter set: By View + ViewDomain

Parameters

View AdxSidHistoryView optional, position: named, pipeline: false, values: 3
Selects a high-level view instead of raw records: SameDomain, ForeignDomains, or Dangerous. Possible values: None, SameDomain, ForeignDomains, Dangerous
Possible values: SameDomain, ForeignDomains, Dangerous
ViewDomain string optional, position: named, pipeline: false
Domain DNS name for evaluator views; null evaluates all domains.

Outputs

ADPlayground.Trusts.SidHistoryDangerousEvaluator+View, ADPlayground.Trusts.SidHistoryForeignDomainsEvaluator+View, ADPlayground.Trusts.SidHistorySameDomainEvaluator+View, ADPlayground.Users.SidHistoryRecord