API Reference
Command
Get-ADXSidHistoryUsage
Scans NTFS and SMB share ACLs to locate SIDHistory-based access.
Examples
Example 1: Scan NTFS paths and share ACLs from a server.
Get-ADXSidHistoryUsage -Path "\\FS1\Data" -ComputerName FS1
Example 2: Scan specific share ACLs only.
Get-ADXSidHistoryUsage -Share "\\FS1\Finance"
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Get-ADXSidHistoryUsage [-AllowList <string[]>] [-ComputerName <string[]>] [-DeadPrefixFile <string>] [-Depth <int>] [-FollowReparse] [-IncludeAll] [-NoNtfs] [-NoResolve] [-NoShares] [-NoSidHistory] [-NoTrusts] [-Parallelism <int>] [-Path <string[]>] [-Share <string[]>] [<CommonParameters>]
Parameters
- AllowList string[]
  - Additional SID strings to allow.
- ComputerName string[]
  - Computer names to enumerate shares from.
- DeadPrefixFile string
  - Path to a file containing dead/defunct domain SID prefixes (one per line).
- Depth int
  - Maximum recursion depth; omit for unlimited.
- FollowReparse SwitchParameter
  - Follow reparse points (junctions/symlinks).
- IncludeAll SwitchParameter
  - Include all classifications (default: SIDHistory matches only).
- NoNtfs SwitchParameter
  - Skip NTFS ACL scanning.
- NoResolve SwitchParameter
  - Skip SID-to-name resolution.
- NoShares SwitchParameter
  - Skip SMB share ACL scanning.
- NoSidHistory SwitchParameter
  - Skip SIDHistory correlation lookups.
- NoTrusts SwitchParameter
  - Exclude trusted forests/domains from the internal catalog.
- Parallelism int
  - Max degree of parallelism for ACL reads.
- Path string[]
  - Root paths to scan (local or UNC).
- Share string[]
  - Explicit share paths to scan (UNC roots).
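The -DeadPrefixFile parameter takes a file of defunct domain SID prefixes, one per line. The following standalone sketch is an added example, not code from this module, and it assumes a simple prefix match against ACE trustee SIDs; the function name Find-DeadDomainAce, the file name dead-prefixes.txt and the sample prefix are hypothetical or constructed.

```powershell
# Added illustration: list NTFS ACEs whose trustee SID falls under a defunct
# domain prefix. Not the module's implementation; prefix matching is an assumption.
function Find-DeadDomainAce {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string]$DeadPrefixFile
    )

    # One domain SID prefix per line; keep only well-formed S-1-5-21-x-y-z values.
    $prefixes = Get-Content -LiteralPath $DeadPrefixFile |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^S-1-5-21(-\d+){3}$' }

    foreach ($p in $Path) {
        $acl = Get-Acl -LiteralPath $p
        # Request SIDs instead of account names so unresolvable trustees are kept.
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            # A trustee belongs to a domain when its SID is "<domain SID>-<RID>".
            $hit = $prefixes |
                Where-Object { $sid.StartsWith(($_ + '-'),
                    [System.StringComparison]::OrdinalIgnoreCase) } |
                Select-Object -First 1

            if ($hit) {
                [pscustomobject]@{
                    Path       = $p
                    Sid        = $sid
                    DeadPrefix = $hit
                    Rights     = $rule.FileSystemRights
                    Type       = $rule.AccessControlType
                    Inherited  = $rule.IsInherited
                }
            }
        }
    }
}

# Constructed sample prefix; replace with the SIDs of decommissioned domains.
Set-Content -Path .\dead-prefixes.txt -Value 'S-1-5-21-1111111111-2222222222-3333333333'
Find-DeadDomainAce -Path '\\FS1\Data' -DeadPrefixFile .\dead-prefixes.txt
```

This checks only the ACL on each path given and does not recurse, read share ACLs, or correlate against sIDHistory attributes in the directory.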
Outputs
ADPlayground.Acl.SidHistoryUsageResult