I found that there were a few solutions out there on the internet but still didn’t really get me what I was after.  I wanted to find out my total SID count that could be created, and then find the current rid pool high water mark so I could track where were at against that static number. 

 

Here’s the solution, that could work for any INT64 value that is returned from the directory (that wouldn't convert with [datetime]):

   
function Grab-RidWaterMark           
{           
    param ($domainDN)           
    $de = [ADSI]"LDAP://CN=RID Manager$,CN=System,$domainDN"           
    $return = new-object system.DirectoryServices.DirectorySearcher($de)           
    $property= ($return.FindOne()).properties.ridavailablepool           
           
    #get the high/low parts of int64 value, which is the samething that "large integer converter: in LDP is doing.           
    [int32]$totalSIDS = $($property) / ([math]::Pow(2,32))           
    [int64]$temp64val = $totalSIDS * ([math]::Pow(2,32))           
    [int32]$currentRIDPoolCount = $($property) - $temp64val           
           
    Write-Host "Total SIDs that can be created: $totalSIDS"           
    Write-Host "Latest RID pool high water mark: $currentRIDPoolCount"           
}

Results:

PS C:\> Grab-RidWaterMark -domainDN "dc=brad,dc=forest,dc=test"
Total SIDs that can be created: 1073741823
Latest RID pool high water mark: 12271600

 

Cheers.

Technorati Tags: ,,