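<#-----------------------------------------------------------------------------
Get-SIDHistory.ps1
Ashley McGlone, Microsoft PFE
http://blogs.technet.com/b/ashleymcglone
April, 2011

This script queries Active Directory for SID history in order to build a SID
mapping file for use with the ADMT to do security translation, especially in
situations where the ADMT database has been lost.  In addition to the mapping
file it also generates a full SID history report for viewing in Excel.

This script must be run from a machine that has the Active Directory module
for PowerShell installed (ie. Windows 7 with RSAT or Windows Server 2008 R2).
You must also have either a Windows Server 2008 R2 domain controller, or an
older domain controller with the Active Directory Management Gateway Service
(AD Web Service) installed.  For more information on ADWS see:
http://blogs.technet.com/b/ashleymcglone/archive/2011/03/17/step-by-step-how-to-use-active-directory-powershell-cmdlets-against-2003-domain-controllers.aspx

Outputs (written to the current directory):
  SID_History_Report.csv - one row per (object, historical SID) pair
  SIDMapping.csv         - OldSID,NewSID pairs without quotes, for ADMT

Security notes:
  - Every sIDHistory value is an additional SID the account carries in its
    access token.  Review the report for entries you cannot tie to a known
    migration before feeding the mapping file to ADMT, because security
    translation will re-ACL resources according to that file.
  - Both files enumerate accounts and their SIDs; keep them in a location
    with restricted access and remove them when the translation is finished.
  - No -Server or -Credential is passed, so the query presumably runs against
    the caller's default domain with the caller's own rights - confirm this
    is the domain you intend to report on.
-----------------------------------------------------------------------------#>

# Stop immediately if the module is unavailable; otherwise every later cmdlet
# call fails with a less obvious error and empty output files may be written.
Import-Module ActiveDirectory -ErrorAction Stop

# Query SID history, current SID, and related fields from AD.
$ADQuery = Get-ADObject -LDAPFilter "(sIDHistory=*)" -Property objectClass, `
    samAccountName, DisplayName, objectSid, sIDHistory, distinguishedname

# Build the SID map by collecting loop output instead of using "+=" on an
# array, which copies the whole array on every addition.
$arySIDMap = @(
    ForEach ($row in $ADQuery) {
        # SID history is a multi-valued attribute, so emit one row per entry.
        ForEach ($SID in $row.sIDHistory) {
            New-Object PSObject -Property @{
                objectClass       = $row.objectClass
                OldSID            = $SID
                NewSID            = $row.objectSID
                samAccountName    = $row.samAccountName
                DisplayName       = $row.displayName
                DistinguishedName = $row.distinguishedName
            }
        }
    }
)

# Nothing to report: say so explicitly rather than writing empty files that
# could be mistaken for a valid (empty) mapping.
if ($arySIDMap.Count -eq 0) {
    Write-Warning "No objects with SID history were found. No files were written; any existing output files were left unchanged."
    return
}

# A hashtable does not preserve key order, so name the report columns
# explicitly to get the same layout on every run.
$reportColumns = 'objectClass', 'samAccountName', 'DisplayName',
                 'OldSID', 'NewSID', 'DistinguishedName'

# Create a full SID History report file for reference in Excel.
$arySIDMap | Select-Object $reportColumns |
    Export-CSV .\SID_History_Report.csv -NoTypeInformation

# Create a SID Mapping text file for use with ADMT.  ADMT does not accept the
# quotes that CSV export adds, so strip them in the pipeline; this avoids the
# intermediate SIDMapping1.csv file.
$arySIDMap | Select-Object OldSID, NewSID |
    ConvertTo-Csv -NoTypeInformation |
    ForEach-Object { $_.Replace("`"", "") } |
    Set-Content .\SIDMapping.csv

"Output complete:"
"SID_History_Report.csv  - full SID History report for reference in Excel"
"SIDMapping.csv          - file for use with ADMT to do security translation"

#   ><>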