I have a fixlet to disable any local account with the SID “S-1-5-21*500” and create a new admin account with a unique SID. Before I blast this in a customer environment I need to make sure they don’t have any admin accounts using that SID. I’m having trouble with the relevance though.
How do I get the Full Name and SID of a local account whose SID contains “S-1-5-21*500” ?
Hope this helps!
q: (name of it | "NoName", component string of sid of it, account disabled flag of it, full name of it | "No FullName") of users whose ((it starts with "S-1-5-21" and it ends with "-500") of (component string of sid of it))
A: Administrator, S-1-5-21-180872656-3818583024-2697280795-500, False, No FullName
T: 10.230 msThat worked. Thank you. I changed the error a little just so I know what I’m looking at.
(name of it | “ErrorNoName”, component string of sid of it, account disabled flag of it, full name of it | “ErrorNoFullName”) of users whose ((it starts with “S-1-5-21” and it ends with “-500”) of (component string of sid of it))
Good one, Jason!
You can also use id of user = 500
q: (name of it | "ErrorNoName", component string of sid of it, account disabled flag of it, full name of it | "ErrorNoFullName") of users whose (id of it = 500 AND (component string of sid of it starts with "S-1-5-21"))
A: Administrator, S-1-5-21-3517784393-365577514-1088648382-500, True, ErrorNoFullName