Powershell-在Active Directory中查找文件所有者

Question

How do I look up for information about a file owner in Active Directory? The following doesn't work because it parses Domain\\User to the Get-ADUser command

$owner = Get-Acl file.txt | Select-Object Owner | Out-String
Get-ADUser -Identity $owner

I would also like to be able to query users from other domains, as by default, Get-ADUser looks up on your local domain.

Answer 1

The issue with Get-ADUser is that the it is looking for you to

identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name.

A string "domain\\username" does not fit into one of those expected. Instead how about something like this:

$domains = @{
    DOMAIN = "dc.domain.local"
}
$file = "F:\temp\Re__.msg"
$fileOwner = Get-Acl $file | Select-Object -ExpandProperty Owner
$account = New-Object -TypeName PSObject -Property @{
    domain = $fileOwner.Split("\")[0]
    username = $fileOwner.Split("\")[1]
}

If($domains.ContainsKey($user.domain)){
    $server = $domains[$user.domain]
    Get-ADUser -Server $server -Identity $user.username
} Else {
    Write-Warning "No matching server for the domain: $($user.domain)"
}

Create a hashtable of domains and dc's from those domains. Then query the owner from a $file . Split that owner into its domain and username. Then using the $user.domain find the matching domain controller to search for the user.

Answer 2

You can also use the .Net Framework to grab the SID and pass it to Get-ADUser:

$user = New-Object System.Security.Principal.NTAccount (get-acl 'file.txt').owner
$sid = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value
Get-ADUser $sid