Resolving Foreign Security Principals

Starting with version 1.4 AD cmdlets can retrieve and provide detailed information on all properties for foreign security principals.

When you add a user from a trusted domain to a group in your domain, AD creates a local auxilliary object – foreign security principal – to represent this external account. You can essentially think about this object as a pointer to the actual account in a trusted domain. You can read more about them in the Security Principals section of this TechNet article.

Now QAD cmdlets can resolve these “pointers” and show you real accounts to which they point.

For example, this command will retrieve all foreign security principals which you have in your domain (i.e. all foreign accounts ever granted any rights) and try to resolve them to external accounts from original domains:

Get-QADObject -ResolveForeignSecurityPrincipals -Type foreignSecurityPrincipal

3 Responses to “Resolving Foreign Security Principals”

  1. 1 Sean Kearney August 24, 2010 at 10:19 am

    Oh sweet! That means adding members from trusted domains is now a piece of cake! EXCELLENT!

    I’ll have to play with that tonight!

    Woohoo! 🙂

  2. 2 Alf August 24, 2010 at 6:05 pm

    Beautiful !

    Is the output object as the same type of get-qaduser or get-qadgroup or else output ?

  3. 3 DFsescu January 27, 2012 at 12:15 pm

    А как получить список групп, в которые входят эти иностранные аккаунты?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

August 2010

%d bloggers like this: