问题
Is there a way to get the actual IdentityReference of the owner of a directory using PowerShell instead of the resolved string version?
The problem is that I want to run a script from domain A to check/fix ownership issues for a file server in domain B. We are in the middle of a migration so the sids from B have been added to the sidhistory of A. So my code includes something like:
$acl = Get-Acl -Path $path
$owner = $acl.Owner
When I run this from domain A, $owner = domain_a\user.
But when I run it from domain B, $owner = domain_b\user.
It appears that the Get-Acl function is getting the IdentityReference, converting it to a string on the client, and then throwing away the raw data so I have no way of knowing who the actual owner is.
It is possible to run this on a machine in domain B and get the correct results but this doesn't seem like it should be necessary. Am I missing something?
Thanks
回答1:
You can parse it out of the SDDL string:
$acl = Get-Acl -Path $path
$owner = $acl.sddl -replace 'o:(.+?):.+','$1'
$owner
来源:https://stackoverflow.com/questions/46981439/powershell-get-acl-owner-reference