win_setup: fix for machine sid to work in domains with lots of users (#38646)
parent
b9d97d85f6
commit
2fc3ac3516
1 changed files with 13 additions and 5 deletions
|
@ -29,16 +29,24 @@ Function Get-MachineSid {
|
||||||
# only accessible by the Local System account. This method get's the local
|
# only accessible by the Local System account. This method get's the local
|
||||||
# admin account (ends with -500) and lops it off to get the machine sid.
|
# admin account (ends with -500) and lops it off to get the machine sid.
|
||||||
|
|
||||||
|
$admins_sid = "S-1-5-32-544"
|
||||||
|
$admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value
|
||||||
|
|
||||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||||
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
$principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
||||||
$user_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.UserPrincipal($principal_context)
|
$group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group)
|
||||||
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($user_principal)
|
$searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal)
|
||||||
$users = $searcher.FindAll() | Where-Object { $_.Sid -like "*-500" }
|
$groups = $searcher.FindOne()
|
||||||
|
|
||||||
$machine_sid = $null
|
$machine_sid = $null
|
||||||
if ($users -ne $null) {
|
foreach ($user in $groups.Members) {
|
||||||
$machine_sid = $users.Sid.AccountDomainSid.Value
|
$user_sid = $user.Sid
|
||||||
|
if ($user_sid.Value.EndsWith("-500")) {
|
||||||
|
$machine_sid = $user_sid.AccountDomainSid.Value
|
||||||
|
break
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return $machine_sid
|
return $machine_sid
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
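Review bot: The new loop takes the first member of the local Administrators group whose SID ends in `-500` and breaks, but it never checks that the member is a local account. On a domain-joined host where the domain's built-in Administrator (also RID 500) is a direct member of that group, `AccountDomainSid` would presumably return the domain SID, and the function would report it as the machine SID with no error. Restricting the match to machine-context principals would close that gap, e.g. `if ($user.ContextType -eq 'Machine' -and $user_sid.Value.EndsWith("-500")) {`. Separately, `$searcher.FindOne()` can return `$null`, so `$groups.Members` should be guarded (`if ($null -ne $groups) { ... }`) in case the script runs under strict mode, which is not visible here. The comment above still says the method gets the local admin account, although the code now walks the members of `S-1-5-32-544`, so it should be updated. The start of Get-MachineSid is outside the hunk.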