Find unknown SID in GPO
Import-Module GroupPolicy
$gpo = Get-GPO -All
Foreach ($g in $gpo) {
$permissions = $g.getsecurityinfo()
Foreach ($p in $permissions) {
If ($p.Trustee.SidType -eq “unknown”) {
Write-Host “Policy with unknown SID: $($g.DisplayName)”
Write-Host “Trustee SID: $($p.Trustee.Sid)”
} #end if
} #end foreach permissions