Get the SID of all trusted domains and forest

Sometimes you end up with an object SID and want to know which domain it came from. There is a simple way to find out.
While working on Azure AD sync issues, we came across a SID mismatch between user objects and their respective resource accounts. The user object in the resource domain had a different SID, and we were not sure from which user domain this SID had been updated. We could not even recognize the SID's domain, as we have multiple trusted domains, so we thought of getting the list of trusted domain SIDs to identify the user/object from the given SID.
We managed to find the domain name using the Active Directory Users and Computers console.
To get the domain name from a given SID:
- Open DSA.MSC
- Select Foreign Security Principals under the domain
- This will list all the cross-domain objects by SID
- Look for the SID in the list to get the domain name
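The PowerShell command below lists the SID of every domain in the forest (it does not include trusted domains):
# Requires the ActiveDirectory module (RSAT); queries each domain in the current forest
(Get-ADForest).Domains | ForEach-Object { Get-ADDomain -Server $_ } | Select-Object Name, DomainSID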
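The command above covers only the forest's own domains. The following PowerShell is an added example, not part of the original post: it also reads the SIDs stored on the trust objects of the current domain and matches the domain part of a given object SID against the combined list. The function names Get-DomainSidTable and Resolve-SidDomain are hypothetical, the SID in the usage line is a constructed sample, and it assumes the ActiveDirectory module is installed.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: one row per forest domain and per trusted domain.
function Get-DomainSidTable {
    # Domains of the current forest
    foreach ($name in (Get-ADForest).Domains) {
        $d = Get-ADDomain -Server $name
        [pscustomobject]@{ Name = $d.DNSRoot; Sid = $d.DomainSID.Value; Source = 'Forest' }
    }
    # Trusts are stored as trustedDomain objects under CN=System.
    # Assumption: only the trusts of the current domain are read here.
    $systemDn = "CN=System,$((Get-ADDomain).DistinguishedName)"
    $trusts = Get-ADObject -SearchBase $systemDn -LDAPFilter '(objectClass=trustedDomain)' `
        -Properties trustPartner, securityIdentifier
    foreach ($t in $trusts) {
        $sid = $t.securityIdentifier
        if (-not $sid) { continue }   # e.g. a non-Windows realm trust has no SID
        if ($sid -is [byte[]]) {
            $sid = [System.Security.Principal.SecurityIdentifier]::new($sid, 0)
        }
        [pscustomobject]@{ Name = $t.trustPartner; Sid = $sid.ToString(); Source = 'Trust' }
    }
}

# Hypothetical helper: return the table row whose domain SID issued $ObjectSid.
function Resolve-SidDomain {
    param([Parameter(Mandatory)][string]$ObjectSid)
    $parsed = [System.Security.Principal.SecurityIdentifier]::new($ObjectSid)
    $domainSid = $parsed.AccountDomainSid   # $null for built-in / well-known SIDs
    if (-not $domainSid) {
        Write-Warning "$ObjectSid has no domain part (built-in or well-known SID)."
        return
    }
    $match = Get-DomainSidTable | Where-Object { $_.Sid -eq $domainSid.Value }
    if ($match) { $match }
    else { Write-Warning "No forest or trusted domain has SID $($domainSid.Value)." }
}

# Constructed sample SID, replace with the SID you are investigating
Resolve-SidDomain -ObjectSid 'S-1-5-21-1111111111-2222222222-3333333333-1105'
```

A warning instead of a match means the SID belongs to a domain that is neither in the forest nor directly trusted by the current domain, for example a removed trust or a trust held by another domain in the forest.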