I was asked why a specific SID was showing up in an applications Security Alert logs.
That logging system tells the user that it is probably a 'Brute Force' attack from:
CORP\S-1-5-21-436374069-117609710-839522115-6608
I used GetADUser to filter for that SID... Nothing.
I opened up my search, and looked at all AD objects, but the SID value was not apparent.
Here is where I ended up:
$SID_Value = "S-1-5-21-436374069-117609710-839522115-6608"
Get-ADObject -Filter "objectSid -eq '$SID_Value'"
Saw that it WAS a Computer object - So, more details as follows:
Get-ADComputer ((Get-ADObject -Filter "objectSid -eq '$SID_Value'").Name)
No comments:
Post a Comment