 

Powershell Get-Acl Owner Reference

Tags:

powershell

acl

Is there a way to get the actual IdentityReference of the owner of a directory using PowerShell instead of the resolved string version?

The problem is that I want to run a script from domain A to check/fix ownership issues for a file server in domain B. We are in the middle of a migration, so the SIDs from B have been added to the sidHistory of A. So my code includes something like:

$acl = Get-Acl -Path $path
$owner = $acl.Owner

When I run this from domain A, $owner = domain_a\user.
But when I run it from domain B, $owner = domain_b\user.

It appears that the Get-Acl function is getting the IdentityReference, converting it to a string on the client, and then throwing away the raw data so I have no way of knowing who the actual owner is.

It is possible to run this on a machine in domain B and get the correct results, but this doesn't seem like it should be necessary. Am I missing something?

Thanks

bob asked May 22 '26 05:05


2 Answers

You can parse it out of the SDDL string:

$acl = Get-Acl -Path $path
$owner = $acl.sddl -replace 'o:(.+?):.+','$1'
$owner

mjolinor answered May 23 '26 22:05


Had to make a slight modification, as 'G' from the primary group, which follows the owner in the SDDL string, was being captured by the regex group:

$owner = $acl.sddl -replace 'o:(.+?)G:.+','$1'

mmccar answered May 23 '26 23:05
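
The owner SID that both answers pull out of the SDDL string can also be read without a regex, which matters during a sidHistory migration because the SID is the same no matter which domain resolves the name. This is an added example, not part of either answer: `Get-OwnerSid` is a hypothetical helper name, while `GetOwner`, `RawSecurityDescriptor` and `Translate` are existing .NET APIs.

```powershell
# Added example (not from the thread). Get-OwnerSid is a hypothetical helper name.
function Get-OwnerSid {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $acl = Get-Acl -LiteralPath $Path

        # ObjectSecurity.GetOwner returns the owner as the requested
        # IdentityReference type; asking for SecurityIdentifier avoids the
        # client-side name lookup that produces domain_a\user or domain_b\user.
        $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])

        # The same value taken from the SDDL by a parser instead of a regex,
        # so owner tokens such as "BA" and a following "G:" cannot be confused.
        $raw = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $acl.Sddl

        # Name resolution depends on the machine running the script, so it is
        # kept separate; an unmappable or unreachable SID leaves the name empty.
        $name = $null
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $null
        }

        [pscustomobject]@{
            Path         = $Path
            OwnerSid     = $sid.Value
            SddlOwnerSid = $raw.Owner.Value
            # AccountDomainSid is null for well-known SIDs such as BUILTIN\Administrators.
            DomainSid    = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { $null }
            ResolvedName = $name
        }
    }
}

# Sample call on a directory that exists on any Windows host.
Get-OwnerSid -Path $env:SystemRoot | Format-List
```

Comparing `DomainSid` against the known domain SIDs of A and B shows which domain actually owns the object, independent of what `ResolvedName` displays.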


