Modfy SID type virtual attributes from Powershell

Question

I created a few virtual attributes of type SID (multi value) and want to populate them with some user SIDs through a script. 
 When I edit the attribute from the MMC or the WI, it works fine. It gives me a search window to select the object for which I want to add the SID and puts it in ok. I can then also read it ok from powershell. 
 But when I try to add object SIDs from Powershell, it turns it into a weired hash string and when I use powershell to then read the attribute it comes back with nothing. 
 I tried putting them in, in these formats (posting a cut-off version here): 
 Set-QADUser ftest11 -ObjectAttributes @{'edsva-testSID'='S-1-5-21-...'} Set-QADUser ftest11 -ObjectAttributes @{'edsva-testSID'='\01\05\00\00\00\00...'} Set-QADUser ftest11 -ObjectAttributes @{'edsva-testSID'='0105000000...'} 
 And when I look at change history, it shows them as something like 'MDEwNTAwMDAwM...' While the change history of the ones I edited in the MMC or WI show the SID string 'S-1-5-21...' 
 Any idea how to maintain these attributes from powershell?

Jason.Griggs · Accepted Answer

Look at the IEDMOctetString Interface in the ARS SDK, this should provide guidance when working with these values. 
 Below is a VBScript example from the SDK, it can be converted to Powershell fairly easily. 
 'Set the User object's DN
Const strDN="CN=Douglas P. Joyse,OU=Sales,DC=MyDomain,DC=local"
ss="Object: " + strDN + vbNewLine + vbNewLine
Set obj = GetObject("EDMS://" + strDN)
Set OctetString=CreateObject("AelitaEDM.EDMOctetString")
With OctetString
 .Set obj.Get("objectGUID")
 ss = ss + "GUID: " + .GetGuidString + vbNewLine
 ss = ss + "GUID length= " + Cstr(.Length) + " bytes" + vbNewLine
 .Set obj.Get("objectSid")
 ss = ss + "SID: " + .GetSidString + vbNewLine
 ss = ss + "SID length= " + Cstr(.Length) + " bytes" + vbNewLine
End With
MsgBox ss

Endpoint Privilege Management

Modfy SID type virtual attributes from Powershell

Top Replies