Could you please help here.
Task 1 - find the orphaned SIDs
Task 2 - delete them and give an output with the result to a text/cs file.
Many T
The orphaned SIDs are in ACLs on almost any object. The easiest way to be rid of the offending SIDs is to use SubInAcl.exe, which has a function that detects and reports on orphaned SIDs and optionally removes them.
https://www.microsoft.com/en-us/download/details.aspx?id=23510
Be very careful when deleting old SIDs, as I know of one client who deleted their SID History from an old domain migration and caused trouble with users connecting to shared mailboxes / calendars / Send As permissions.
There is a free tool that you can use to run a report on orphaned SIDs - http://cjwdev.co.uk/Software/ViewDeletedADObjects/Info.html
If you are going to clean up your orphaned SIDs, do it in phases and not all in one go.
There are big product names like Varonis, which is a great infrastructure tool that will give a report of your orphaned SIDs and allow you to delete them, depending on your company's budget - http://www.varonis.com/products/datadvantage/directory-services/
There is no relationship between "orphaned SIDs" and SID history. There is no need to alter SID history. Orphaned SIDs are in ACLs and can be removed easily and safely with SubInAcl.
Try not to confuse the issue of SID history and orphaned SIDs.
Hi Inderjit,
If you want to remove the orphaned SIDs in ACLs, you can use Subinacl.exe as Jrv mentioned; the action "cleanDeletedSIDsFrom" removes SIDs that cannot be resolved from files/folders.
Refer to:
We can also remove the orphaned SIDs from ACLs via the PowerShell cmdlets "Get-Acl" and "Set-Acl".
Refer to:
Remove orphaned SIDs from File/Folder ACL (PowerShell)
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang
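
The Get-Acl / Set-Acl approach from the thread, as an added example that is not part of the original posts or the linked script: it reports explicit ACEs whose SID no longer resolves and removes them only when asked, so the report can be reviewed first and the cleanup done in phases. `Find-OrphanedAce`, its `-Remove` switch and the sample paths are hypothetical names; a SID also fails to resolve when its domain or trust is unreachable, so an unresolved SID in the report is a candidate, not proof of a deleted account.

```powershell
# Added example: report (and optionally remove) unresolvable SIDs in explicit NTFS ACEs.
# Find-OrphanedAce, -Remove and the sample paths below are hypothetical names.
function Find-OrphanedAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path, [switch]$Remove)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $orphan  = @{}   # SID string -> $true when the SID cannot be mapped to an account
    $root    = Get-Item -LiteralPath $Path -Force
    $items   = @($root)
    if ($root.PSIsContainer) { $items += Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue }
    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        $changed = $false
        # Explicit ACEs only: inherited ACEs are cleaned at the parent that defines them.
        foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $rule.IdentityReference
            # Only account SIDs (S-1-5-21-...); well-known and capability SIDs are skipped.
            if ($sid.Value -notlike 'S-1-5-21-*') { continue }
            if (-not $orphan.ContainsKey($sid.Value)) {
                try   { [void]$sid.Translate([System.Security.Principal.NTAccount]); $orphan[$sid.Value] = $false }
                catch [System.Security.Principal.IdentityNotMappedException] { $orphan[$sid.Value] = $true }
                catch { Write-Warning "Lookup failed for $($sid.Value): $_"; $orphan[$sid.Value] = $false }
            }
            if (-not $orphan[$sid.Value]) { continue }
            $removed = $false
            if ($Remove -and $PSCmdlet.ShouldProcess($item.FullName, "Remove ACE for $($sid.Value)")) {
                $acl.RemoveAccessRuleSpecific($rule); $removed = $true; $changed = $true
            }
            [pscustomobject]@{
                Path    = $item.FullName
                Sid     = $sid.Value
                Rights  = $rule.FileSystemRights
                Type    = $rule.AccessControlType
                Removed = $removed
            }
        }
        if ($changed) { Set-Acl -LiteralPath $item.FullName -AclObject $acl }
    }
}
# Report only (constructed path):
#   Find-OrphanedAce -Path 'D:\Shares\Finance' | Export-Csv .\orphaned-sids.csv -NoTypeInformation
# Preview a removal pass on one subtree, then run it for real without -WhatIf:
#   Find-OrphanedAce -Path 'D:\Shares\Finance\Archive' -Remove -WhatIf
```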