@rezamt
Last active May 2, 2025 02:00
GPOCheck
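function Get-CsvData
{
    <#
    .SYNOPSIS
        Loads the GPO inventory CSV that drives the checks below.
    .PARAMETER FilePath
        Path of the CSV file. Treated literally (no wildcard expansion), so a
        name containing '[' or ']' still resolves; must be a file, not a directory.
    .OUTPUTS
        The rows returned by Import-Csv; the loop below reads the ID column.
    .NOTES
        On a missing file an error is written and the script exits with 1 —
        the inventory is required, there is nothing useful to do without it.
    #>
    param (
        [Parameter(Mandatory = $true)]
        [string]$FilePath
    )
    if (Test-Path -LiteralPath $FilePath -PathType Leaf) {
        return Import-Csv -LiteralPath $FilePath
    } else {
        Write-Error "File not found: $FilePath"
        exit 1
    }
}

# The function is defined above on purpose: PowerShell registers a function
# when its definition statement executes, so calling Get-CsvData before the
# definition (the original order) fails with "is not recognized" when the
# script runs top to bottom.
$gpoList = Get-CsvData -FilePath "gpo-data.csv"
$gpoList | ForEach-Object {
    # Each CSV row is expected to carry an ID column holding the GPO GUID.
    $gpo = Get-GPO -Guid $_.ID
    # Write-Output "$($gpo.Id),$($gpo.DisplayName),$($gpo.Owner)"
    $gpo
}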
PS C:\Users\Administrator> Get-GPO -Guid 6F39B22B-E470-46C9-A86C-3D0C82B86503
DisplayName : Accounting AC01 GPO
DomainName : inuit.local
Owner : INUIT\nina
Id : 6f39b22b-e470-46c9-a86c-3d0c82b86503
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 5/1/2025 4:42:17 AM
ModificationTime : 5/1/2025 5:10:07 AM
UserVersion : AD Version: 0, SysVol Version: 0
ComputerVersion : AD Version: 0, SysVol Version: 0
WmiFilter :
PS C:\Users\Administrator> Get-GPO -Guid 521B0DED-1213-4B5E-87D0-6B04731A9FBD
DisplayName : GCP Team GPO
DomainName : example.local
Owner : EXAMPLE\Domain Admins
Id : 521b0ded-1213-4b5e-87d0-6b04731a9fbd
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 5/1/2025 4:42:53 AM
ModificationTime : 5/1/2025 4:42:53 AM
UserVersion : AD Version: 0, SysVol Version: 0
ComputerVersion : AD Version: 0, SysVol Version: 0
WmiFilter :
PS C:\Users\Administrator> Get-GPO -Guid 6F39B22B-E470-46C9-A86C-3D0C82B86503
DisplayName : Accounting AC01 GPO
DomainName : example.local
Owner : EXAMPLE\nina
Id : 6f39b22b-e470-46c9-a86c-3d0c82b86503
GpoStatus : AllSettingsEnabled
Description :
CreationTime : 5/1/2025 4:42:17 AM
ModificationTime : 5/1/2025 5:10:07 AM
UserVersion : AD Version: 0, SysVol Version: 0
ComputerVersion : AD Version: 0, SysVol Version: 0
WmiFilter :
<?xml version="1.0" encoding="utf-16"?>
<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
<Identifier>
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{521b0ded-1213-4b5e-87d0-6b04731a9fbd}</Identifier>
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">example.local</Domain>
</Identifier>
<Name>GCP Team GPO</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2025-05-01T11:42:53</CreatedTime>
<ModifiedTime>2025-05-01T11:42:53</ModifiedTime>
<ReadTime>2025-05-01T22:47:24.655172Z</ReadTime>
<SecurityDescriptor>
<SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2074042624-2661405929-1295498537-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
<Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Domain Admins</Name>
</Owner>
<Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Domain Admins</Name>
</Group>
<PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
<Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<InheritsFromParent>false</InheritsFromParent>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Domain Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-519</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Enterprise Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
</Permissions>
<AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
</SecurityDescriptor>
<FilterDataAvailable>true</FilterDataAvailable>
<Computer>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<Enabled>true</Enabled>
</Computer>
<User>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<Enabled>true</Enabled>
</User>
<LinksTo>
<SOMName>Cloud Services</SOMName>
<SOMPath>example.local/Cloud Services</SOMPath>
<Enabled>true</Enabled>
<NoOverride>true</NoOverride>
</LinksTo>
</GPO>
<?xml version="1.0" encoding="utf-16"?>
<GPO xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.microsoft.com/GroupPolicy/Settings">
<Identifier>
<Identifier xmlns="http://www.microsoft.com/GroupPolicy/Types">{6f39b22b-e470-46c9-a86c-3d0c82b86503}</Identifier>
<Domain xmlns="http://www.microsoft.com/GroupPolicy/Types">example.local</Domain>
</Identifier>
<Name>Accounting AC01 GPO</Name>
<IncludeComments>true</IncludeComments>
<CreatedTime>2025-05-01T11:42:17</CreatedTime>
<ModifiedTime>2025-05-01T12:10:07</ModifiedTime>
<ReadTime>2025-05-01T22:56:32.3044301Z</ReadTime>
<SecurityDescriptor>
<SDDL xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">O:S-1-5-21-2074042624-2661405929-1295498537-1104G:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-2074042624-2661405929-1295498537-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)</SDDL>
<Owner xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-1104</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\nina</Name>
</Owner>
<Group xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Domain Admins</Name>
</Group>
<PermissionsPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">true</PermissionsPresent>
<Permissions xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">
<InheritsFromParent>false</InheritsFromParent>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-512</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Domain Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-9</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Read</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-18</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\SYSTEM</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-11</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">NT AUTHORITY\Authenticated Users</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Apply Group Policy</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
<TrusteePermissions>
<Trustee>
<SID xmlns="http://www.microsoft.com/GroupPolicy/Types">S-1-5-21-2074042624-2661405929-1295498537-519</SID>
<Name xmlns="http://www.microsoft.com/GroupPolicy/Types">EXAMPLE\Enterprise Admins</Name>
</Trustee>
<Type xsi:type="PermissionType">
<PermissionType>Allow</PermissionType>
</Type>
<Inherited>false</Inherited>
<Applicability>
<ToSelf>true</ToSelf>
<ToDescendantObjects>false</ToDescendantObjects>
<ToDescendantContainers>true</ToDescendantContainers>
<ToDirectDescendantsOnly>false</ToDirectDescendantsOnly>
</Applicability>
<Standard>
<GPOGroupedAccessEnum>Edit, delete, modify security</GPOGroupedAccessEnum>
</Standard>
<AccessMask>0</AccessMask>
</TrusteePermissions>
</Permissions>
<AuditingPresent xmlns="http://www.microsoft.com/GroupPolicy/Types/Security">false</AuditingPresent>
</SecurityDescriptor>
<FilterDataAvailable>true</FilterDataAvailable>
<Computer>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<Enabled>true</Enabled>
</Computer>
<User>
<VersionDirectory>0</VersionDirectory>
<VersionSysvol>0</VersionSysvol>
<Enabled>true</Enabled>
</User>
<LinksTo>
<SOMName>Accounting</SOMName>
<SOMPath>example.local/Accounting</SOMPath>
<Enabled>true</Enabled>
<NoOverride>true</NoOverride>
</LinksTo>
</GPO>
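function Test-SIDExistence {
    <#
    .SYNOPSIS
        Reports whether a SID string is well-formed and still resolves to an account.
    .PARAMETER sidString
        SID in S-1-... form.
    .OUTPUTS
        [bool] $true when the SID parses and translates to an NTAccount,
        $false otherwise (malformed SID, deleted principal, or no resolver
        available on this host). The resolved name goes to the verbose
        stream rather than the host, so the function stays usable inside
        conditions and pipelines without printing.
    #>
    param (
        [string]$sidString
    )
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $ntAccount = $sid.Translate([System.Security.Principal.NTAccount])
        Write-Verbose "$sidString resolves to $ntAccount"
        return $true
    } catch {
        # Any failure — ArgumentException on a bad string, IdentityNotMappedException
        # on a deleted principal — counts as "does not exist".
        return $false
    }
}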
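# Example usage: assign the SID string under review to $SID1 in the session
# before running this block. Without this guard an unset $SID1 is passed as
# $null, which Test-SIDExistence reports as $false — indistinguishable from a
# genuinely deleted principal.
if ([string]::IsNullOrWhiteSpace($SID1)) {
    throw 'Set $SID1 to the SID string to check before running this example.'
}
$sid = $SID1
if (Test-SIDExistence -sidString $sid) {
    Write-Output "SID exists 🎯"
} else {
    Write-Output "SID is gone 💀"
}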
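# GPO-Tool
# Get-GPOReport (used by Get-GPOOwner) comes from the GroupPolicy module;
# Get-SIDDetails queries the directory through DirectoryServices directly.
# Fail fast here if the RSAT modules are missing instead of hitting a
# "command not recognized" error part-way through a run.
Import-Module ActiveDirectory -ErrorAction Stop
Import-Module GroupPolicy -ErrorAction Stop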
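function Get-SIDDetails {
    <#
    .SYNOPSIS
        Resolves a SID to its directory object and classifies it as User, Group or Other.
    .PARAMETER sidString
        SID in S-1-... form.
    .OUTPUTS
        PSCustomObject with SID, Name, DisplayName, Type and Status.
        Status is "Found" (object located by sAMAccountName), "NotFound" (the
        SID translates to a name but no object with that sAMAccountName
        exists), or "Invalid" (malformed SID, SID that no longer translates,
        or the directory could not be queried — see the Error property).
    .NOTES
        The translated account name is only used to look the object up; it
        is escaped per RFC 4515 before being placed in the LDAP filter so
        that '(' ')' '*' or '\' in a name cannot change the query.
    #>
    param (
        [string]$sidString
    )
    try {
        $sidObj = New-Object System.Security.Principal.SecurityIdentifier($sidString)
        $ntAccount = $sidObj.Translate([System.Security.Principal.NTAccount])
        $samAccount = $ntAccount.Value

        # "DOMAIN\name" -> "name". A value without a backslash (some well-known
        # principals) is used as-is instead of producing an empty, invalid filter.
        $accountName = $samAccount
        $sep = $samAccount.IndexOf('\')
        if ($sep -ge 0) { $accountName = $samAccount.Substring($sep + 1) }

        # RFC 4515 escaping; backslash first so the escapes are not re-escaped.
        $escapedName = $accountName.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')

        $adsiSearcher = New-Object DirectoryServices.DirectorySearcher
        $adsiSearcher.Filter = "(sAMAccountName=$escapedName)"
        try {
            $result = $adsiSearcher.FindOne()
        } finally {
            $adsiSearcher.Dispose()
        }

        if ($null -ne $result) {
            $entry = $result.GetDirectoryEntry()
            # objectClass lists the class chain (e.g. top, person, ..., user);
            # the last entry is the most specific class.
            $rawType = $entry.objectClass | Select-Object -Last 1
            $type = if ($rawType -match 'group') { 'Group' }
                    elseif ($rawType -match 'user|organizationalPerson') { 'User' }
                    else { 'Other' }
            [PSCustomObject]@{
                SID         = $sidString
                Name        = $entry.sAMAccountName
                DisplayName = $entry.displayName
                Type        = $type
                Status      = "Found"
            }
        } else {
            [PSCustomObject]@{
                SID         = $sidString
                Name        = $samAccount
                DisplayName = $null
                Type        = $null
                Status      = "NotFound"
            }
        }
    } catch {
        # Deliberately broad: the caller (Get-GPOOwner) treats any failure as an
        # unresolvable principal. The message is kept so the operator can tell a
        # bad SID from an unreachable directory.
        [PSCustomObject]@{
            SID         = $sidString
            Name        = $null
            DisplayName = $null
            Type        = $null
            Status      = "Invalid"
            Error       = $_.Exception.Message
        }
    }
}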
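function Get-GPOOwner
{
    <#
    .SYNOPSIS
        Reads the owner of a GPO from its XML report and classifies it.
    .PARAMETER guid
        GUID of the GPO, as accepted by Get-GPOReport -Guid.
    .OUTPUTS
        PSCustomObject with GUID, SID, Name, Type and Status.
        Status "Orphant" (spelling kept so existing consumers keep matching;
        it means orphaned): the owner SID no longer resolves to a name.
        Status "HasOwner": the name resolved and Type comes from
        Get-SIDDetails (User, Group, Other or $null). An owner of Type "User"
        — a single account rather than an admin group — deserves review,
        since the owner can rewrite the GPO's ACL whatever the listed
        permissions say.
    .NOTES
        Get-GPOReport runs with -ErrorAction Stop: if the report cannot be
        produced (unknown GUID, missing GroupPolicy module, no domain access)
        the error reaches the caller instead of an empty report being
        misread as an orphaned owner.
    #>
    param(
        [string]$guid
    )
    [xml]$GPOReport = Get-GPOReport -Guid $guid -ReportType XML -ErrorAction Stop
    $owner = $GPOReport.GPO.SecurityDescriptor.Owner
    $name = $owner.Name.InnerText
    $sid = $owner.SID.InnerText
    if ($null -eq $name)
    {
        [PSCustomObject]@{
            GUID   = $guid
            SID    = $sid
            Name   = $null
            Type   = "UNKNOWN"
            Status = "Orphant"
        }
    }
    else
    {
        # Owner resolved to a name; look the principal up to learn what kind it is.
        $sidDetail = Get-SIDDetails -sidString $sid
        [PSCustomObject]@{
            GUID   = $guid
            SID    = $sid
            Name   = $name
            Type   = $sidDetail.Type
            Status = "HasOwner"
        }
    }
}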
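# GUIDs of the GPOs to audit. Edit this list, or build it from
# Get-GPO -All | Select-Object -ExpandProperty Id to cover the whole domain.
$gpoGuids = @(
    "EFC66222-F54C-40DC-9F96-603B561D737A",
    "521B0DED-1213-4B5E-87D0-6B04731A9FBD",
    "A5266E87-E456-4EBB-B510-BEAE66B68454",
    "6F39B22B-E470-46C9-A86C-3D0C82B86503"
)
# Emit the owner records as objects so the caller can pipe them to
# Format-Table, Export-Csv or Where-Object (e.g. Type -eq 'User').
# Write-Host would flatten each record into a single "@{GUID=...}" string
# and bypass the pipeline entirely.
$gpoGuids | ForEach-Object {
    Get-GPOOwner -guid $_
}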