I am looking to clean up SID history from my domain. One of the steps in the cleanup is to remove SID-only members of groups. So, for example, I have a group called GROUPA and I perform this action in PowerShell.
get-adgroup GROUPA -properties members | select -expandproperty members
which returns a list including SIDs, something like this.
CN=S-1-2-34-5678912345-678912345-6789123456-7891234,CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=NET
However the line
get-adgroup GROUPA | remove-adgroupmember "CN=S-1-2-34-5678912345-678912345-6789123456-7891234,CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=NET"
errors out stating it cannot find the member, which makes sense seeing as it doesn't actually exist anymore.
Any ideas how to get around this to remove the member without having to go into Active Directory and do it by hand on each group?
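
One way to do this without touching each group by hand, as an added example that is not part of the original post: edit the group's `member` attribute directly with `Set-ADGroup -Remove`, which removes the DN as a value and does not look the member up first. It assumes the ActiveDirectory module, and it treats a SID that no longer translates to an account name as orphaned; a SID behind a trust that is temporarily unreachable would also fail to translate, so review the `-WhatIf` output before removing that switch.

```powershell
Import-Module ActiveDirectory

$GroupName = 'GROUPA'   # group name taken from the post
$group = Get-ADGroup -Identity $GroupName -Properties member

# Members stored as a bare SID under CN=ForeignSecurityPrincipals
$fspPattern = '^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,'

$orphans = foreach ($dn in $group.member) {
    if ($dn -notmatch $fspPattern) { continue }   # ordinary member, keep it

    $sid = [System.Security.Principal.SecurityIdentifier]$Matches[1]
    try {
        # Succeeds when the SID still resolves (live trust, well-known SID
        # such as Authenticated Users); those members are left alone.
        [void]$sid.Translate([System.Security.Principal.NTAccount])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        $dn   # SID no longer maps to any account: candidate for removal
    }
}

if ($orphans) {
    # Record what is about to be removed so it can be re-added if needed
    $orphans | ForEach-Object { "{0}`t{1}" -f $group.DistinguishedName, $_ }

    # Remove the DN values from the member attribute in one operation.
    # -WhatIf only reports the change; drop it once the list is reviewed.
    Set-ADGroup -Identity $group -Remove @{ member = @($orphans) } -WhatIf
}
```

To cover every group, wrap the same logic in `Get-ADGroup -Filter * -Properties member | ForEach-Object { ... }` and keep the logged DN pairs as the rollback record.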