SecurityPolicy.psm1

. $PSScriptRoot\SecurityPolicy.Libraries.ps1
function Convert-Identity {
    <#
    .SYNOPSIS
    Small command that tries to resolve any given object
 
    .DESCRIPTION
    Small command that tries to resolve any given object - be it SID, DN, FSP or Netbiosname
 
    .PARAMETER Identity
    Type to resolve in form of Identity, DN, SID
 
    .PARAMETER SID
    Allows to pass SID directly, rather then going thru verification process
 
    .PARAMETER Name
    Allows to pass Name directly, rather then going thru verification process
 
    .PARAMETER Force
    Allows to clear cache, useful when you want to force refresh
 
    .EXAMPLE
    $Identity = @(
        'S-1-5-4'
        'S-1-5-4'
        'S-1-5-11'
        'S-1-5-32-549'
        'S-1-5-32-550'
        'S-1-5-32-548'
        'S-1-5-64-10'
        'S-1-5-64-14'
        'S-1-5-64-21'
        'S-1-5-18'
        'S-1-5-19'
        'S-1-5-32-544'
        'S-1-5-20-20-10-51' # Wrong SID
        'S-1-5-21-853615985-2870445339-3163598659-512'
        'S-1-5-21-3661168273-3802070955-2987026695-512'
        'S-1-5-21-1928204107-2710010574-1926425344-512'
        'CN=Test Test 2,OU=Users,OU=Production,DC=ad,DC=evotec,DC=pl'
        'Test Local Group'
        'przemyslaw.klys@evotec.pl'
        'test2'
        'NT AUTHORITY\NETWORK'
        'NT AUTHORITY\SYSTEM'
        'S-1-5-21-853615985-2870445339-3163598659-519'
        'TEST\some'
        'EVOTECPL\Domain Admins'
        'NT AUTHORITY\INTERACTIVE'
        'INTERACTIVE'
        'EVOTEC\Domain Admins'
        'EVOTECPL\Domain Admins'
        'Test\Domain Admins'
        'CN=S-1-5-21-1928204107-2710010574-1926425344-512,CN=ForeignSecurityPrincipals,DC=ad,DC=evotec,DC=xyz' # Valid
        'CN=S-1-5-21-1928204107-2710010574-512,CN=ForeignSecurityPrincipals,DC=ad,DC=evotec,DC=xyz' # not valid
        'CN=S-1-5-21-1928204107-2710010574-1926425344-512,CN=ForeignSecurityPrincipals,DC=ad,DC=evotec,DC=xyz' # cached
    )
 
    $TestOutput = Convert-Identity -Identity $Identity -Verbose
 
    Output:
 
    Name SID DomainName Type Error
    ---- --- ---------- ---- -----
    NT AUTHORITY\INTERACTIVE S-1-5-4 WellKnownGroup
    NT AUTHORITY\INTERACTIVE S-1-5-4 WellKnownGroup
    NT AUTHORITY\Authenticated Users S-1-5-11 WellKnownGroup
    BUILTIN\Server Operators S-1-5-32-549 WellKnownGroup
    BUILTIN\Print Operators S-1-5-32-550 WellKnownGroup
    BUILTIN\Account Operators S-1-5-32-548 WellKnownGroup
    NT AUTHORITY\NTLM Authentication S-1-5-64-10 WellKnownGroup
    NT AUTHORITY\SChannel Authentication S-1-5-64-14 WellKnownGroup
    NT AUTHORITY\Digest Authentication S-1-5-64-21 WellKnownGroup
    NT AUTHORITY\SYSTEM S-1-5-18 WellKnownAdministrative
    NT AUTHORITY\NETWORK SERVICE S-1-5-19 WellKnownGroup
    BUILTIN\Administrators S-1-5-32-544 WellKnownAdministrative
    S-1-5-20-20-10-51 S-1-5-20-20-10-51 Unknown Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
    EVOTEC\Domain Admins S-1-5-21-853615985-2870445339-3163598659-512 ad.evotec.xyz Administrative
    EVOTECPL\Domain Admins S-1-5-21-3661168273-3802070955-2987026695-512 ad.evotec.pl Administrative
    TEST\Domain Admins S-1-5-21-1928204107-2710010574-1926425344-512 test.evotec.pl Administrative
    EVOTECPL\TestingAD S-1-5-21-3661168273-3802070955-2987026695-1111 ad.evotec.pl NotAdministrative
    EVOTEC\Test Local Group S-1-5-21-853615985-2870445339-3163598659-3610 ad.evotec.xyz NotAdministrative
    EVOTEC\przemyslaw.klys S-1-5-21-853615985-2870445339-3163598659-1105 ad.evotec.xyz NotAdministrative
    test2 Unknown Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
    NT AUTHORITY\NETWORK S-1-5-2 WellKnownGroup
    NT AUTHORITY\SYSTEM S-1-5-18 WellKnownAdministrative
    EVOTEC\Enterprise Admins S-1-5-21-853615985-2870445339-3163598659-519 ad.evotec.xyz Administrative
    TEST\some S-1-5-21-1928204107-2710010574-1926425344-1106 test.evotec.pl NotAdministrative
    EVOTECPL\Domain Admins S-1-5-21-3661168273-3802070955-2987026695-512 ad.evotec.pl Administrative
    NT AUTHORITY\INTERACTIVE S-1-5-4 WellKnownGroup
    NT AUTHORITY\INTERACTIVE S-1-5-4 WellKnownGroup
    EVOTEC\Domain Admins S-1-5-21-853615985-2870445339-3163598659-512 ad.evotec.xyz Administrative
    EVOTECPL\Domain Admins S-1-5-21-3661168273-3802070955-2987026695-512 ad.evotec.pl Administrative
    TEST\Domain Admins S-1-5-21-1928204107-2710010574-1926425344-512 test.evotec.pl Administrative
    TEST\Domain Admins S-1-5-21-1928204107-2710010574-1926425344-512 test.evotec.pl Administrative
    S-1-5-21-1928204107-2710010574-512 S-1-5-21-1928204107-2710010574-512 Unknown Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
    TEST\Domain Admins S-1-5-21-1928204107-2710010574-1926425344-512 test.evotec.pl Administrative
 
    .NOTES
    General notes
    #>

    [cmdletBinding(DefaultParameterSetName = 'Identity')]
    param([parameter(ParameterSetName = 'Identity', Position = 0, ValueFromPipeline, ValueFromPipelineByPropertyName)][string[]] $Identity,
        [parameter(ParameterSetName = 'SID', Mandatory)][System.Security.Principal.SecurityIdentifier[]] $SID,
        [parameter(ParameterSetName = 'Name', Mandatory)][string[]] $Name,
        [switch] $Force)
    Begin {
        if (-not $Script:GlobalCacheSidConvert -or $Force) {
            $Script:GlobalCacheSidConvert = @{'NT AUTHORITY\SYSTEM' = [PSCustomObject] @{Name = 'BUILTIN\Administrators'
                    SID                                                                       = 'S-1-5-18'
                    DomainName                                                                = ''
                    Type                                                                      = 'WellKnownAdministrative'
                    Error                                                                     = ''
                }
                'BUILTIN\Administrators'                            = [PSCustomObject] @{Name = 'BUILTIN\Administrators'
                    SID                                            = 'S-1-5-32-544'
                    DomainName                                     = ''
                    Type                                           = 'WellKnownAdministrative'
                    Error                                          = ''
                }
                'BUILTIN\Users'                                     = [PSCustomObject] @{Name = 'BUILTIN\Users'
                    SID                                   = 'S-1-5-32-545'
                    DomainName                            = ''
                    Type                                  = 'WellKnownGroup'
                    Error                                 = ''
                }
                'BUILTIN\Guests'                                    = [PSCustomObject] @{Name = 'BUILTIN\Guests'
                    SID                                    = 'S-1-5-32-546'
                    DomainName                             = ''
                    Type                                   = 'WellKnownGroup'
                    Error                                  = ''
                }
                'BUILTIN\Power Users'                               = [PSCustomObject] @{Name = 'BUILTIN\Power Users'
                    SID                                         = 'S-1-5-32-547'
                    DomainName                                  = ''
                    Type                                        = 'WellKnownGroup'
                    Error                                       = ''
                }
                'BUILTIN\Account Operators'                         = [PSCustomObject] @{Name = 'BUILTIN\Account Operators'
                    SID                                               = 'S-1-5-32-548'
                    DomainName                                        = ''
                    Type                                              = 'WellKnownGroup'
                    Error                                             = ''
                }
                'BUILTIN\Server Operators'                          = [PSCustomObject] @{Name = 'BUILTIN\Server Operators'
                    SID                                              = 'S-1-5-32-549'
                    DomainName                                       = ''
                    Type                                             = 'WellKnownGroup'
                    Error                                            = ''
                }
                'BUILTIN\Print Operators'                           = [PSCustomObject] @{Name = 'BUILTIN\Print Operators'
                    SID                                             = 'S-1-5-32-550'
                    DomainName                                      = ''
                    Type                                            = 'WellKnownGroup'
                    Error                                           = ''
                }
                'BUILTIN\Backup Operators'                          = [PSCustomObject] @{Name = 'BUILTIN\Backup Operators'
                    SID                                              = 'S-1-5-32-551'
                    DomainName                                       = ''
                    Type                                             = 'WellKnownGroup'
                    Error                                            = ''
                }
                'BUILTIN\Replicator'                                = [PSCustomObject] @{Name = 'BUILTIN\Replicators'
                    SID                                        = 'S-1-5-32-552'
                    DomainName                                 = ''
                    Type                                       = 'WellKnownGroup'
                    Error                                      = ''
                }
                'BUILTIN\Pre-Windows 2000 Compatible Access'        = [PSCustomObject] @{Name = 'BUILTIN\Pre-Windows 2000 Compatible Access'
                    SID                                                                = 'S-1-5-32-554'
                    DomainName                                                         = ''
                    Type                                                               = 'WellKnownGroup'
                    Error                                                              = ''
                }
                'BUILTIN\Remote Desktop Users'                      = [PSCustomObject] @{Name = 'BUILTIN\Remote Desktop Users'
                    SID                                                  = 'S-1-5-32-555'
                    DomainName                                           = ''
                    Type                                                 = 'WellKnownGroup'
                    Error                                                = ''
                }
                'BUILTIN\Network Configuration Operators'           = [PSCustomObject] @{Name = 'BUILTIN\Network Configuration Operators'
                    SID                                                             = 'S-1-5-32-556'
                    DomainName                                                      = ''
                    Type                                                            = 'WellKnownGroup'
                    Error                                                           = ''
                }
                'BUILTIN\Incoming Forest Trust Builders'            = [PSCustomObject] @{Name = 'BUILTIN\Incoming Forest Trust Builders'
                    SID                                                            = 'S-1-5-32-557'
                    DomainName                                                     = ''
                    Type                                                           = 'WellKnownGroup'
                    Error                                                          = ''
                }
                'BUILTIN\Performance Monitor Users'                 = [PSCustomObject] @{Name = 'BUILTIN\Performance Monitor Users'
                    SID                                                       = 'S-1-5-32-558'
                    DomainName                                                = ''
                    Type                                                      = 'WellKnownGroup'
                    Error                                                     = ''
                }
                'BUILTIN\Performance Log Users'                     = [PSCustomObject] @{Name = 'BUILTIN\Performance Log Users'
                    SID                                                   = 'S-1-5-32-559'
                    DomainName                                            = ''
                    Type                                                  = 'WellKnownGroup'
                    Error                                                 = ''
                }
                'BUILTIN\Windows Authorization Access Group'        = [PSCustomObject] @{Name = 'BUILTIN\Windows Authorization Access Group'
                    SID                                                                = 'S-1-5-32-560'
                    DomainName                                                         = ''
                    Type                                                               = 'WellKnownGroup'
                    Error                                                              = ''
                }
                'BUILTIN\Terminal Server License Servers'           = [PSCustomObject] @{Name = 'BUILTIN\Terminal Server License Servers'
                    SID                                                             = 'S-1-5-32-561'
                    DomainName                                                      = ''
                    Type                                                            = 'WellKnownGroup'
                    Error                                                           = ''
                }
                'BUILTIN\Distributed COM Users'                     = [PSCustomObject] @{Name = 'BUILTIN\Distributed COM Users'
                    SID                                                   = 'S-1-5-32-562'
                    DomainName                                            = ''
                    Type                                                  = 'WellKnownGroup'
                    Error                                                 = ''
                }
                'BUILTIN\IIS_IUSRS'                                 = [PSCustomObject] @{Name = 'BUILTIN\IIS_IUSRS'
                    SID                                       = 'S-1-5-32-568'
                    DomainName                                = ''
                    Type                                      = 'WellKnownGroup'
                    Error                                     = ''
                }
                'BUILTIN\Cryptographic Operators'                   = [PSCustomObject] @{Name = 'BUILTIN\Cryptographic Operators'
                    SID                                                     = 'S-1-5-32-569'
                    DomainName                                              = ''
                    Type                                                    = 'WellKnownGroup'
                    Error                                                   = ''
                }
                'BUILTIN\Event Log Readers'                         = [PSCustomObject] @{Name = 'BUILTIN\Event Log Readers'
                    SID                                               = 'S-1-5-32-573'
                    DomainName                                        = ''
                    Type                                              = 'WellKnownGroup'
                    Error                                             = ''
                }
                'BUILTIN\Certificate Service DCOM Access'           = [PSCustomObject] @{Name = 'BUILTIN\Certificate Service DCOM Access'
                    SID                                                             = 'S-1-5-32-574'
                    DomainName                                                      = ''
                    Type                                                            = 'WellKnownGroup'
                    Error                                                           = ''
                }
                'BUILTIN\RDS Remote Access Servers'                 = [PSCustomObject] @{Name = 'BUILTIN\RDS Remote Access Servers'
                    SID                                                       = 'S-1-5-32-575'
                    DomainName                                                = ''
                    Type                                                      = 'WellKnownGroup'
                    Error                                                     = ''
                }
                'BUILTIN\RDS Endpoint Servers'                      = [PSCustomObject] @{Name = 'BUILTIN\RDS Endpoint Servers'
                    SID                                                  = 'S-1-5-32-576'
                    DomainName                                           = ''
                    Type                                                 = 'WellKnownGroup'
                    Error                                                = ''
                }
                'BUILTIN\RDS Management Servers'                    = [PSCustomObject] @{Name = 'BUILTIN\RDS Management Servers'
                    SID                                                    = 'S-1-5-32-577'
                    DomainName                                             = ''
                    Type                                                   = 'WellKnownGroup'
                    Error                                                  = ''
                }
                'BUILTIN\Hyper-V Administrators'                    = [PSCustomObject] @{Name = 'BUILTIN\Hyper-V Administrators'
                    SID                                                    = 'S-1-5-32-578'
                    DomainName                                             = ''
                    Type                                                   = 'WellKnownGroup'
                    Error                                                  = ''
                }
                'BUILTIN\Access Control Assistance Operators'       = [PSCustomObject] @{Name = 'BUILTIN\Access Control Assistance Operators'
                    SID                                                                 = 'S-1-5-32-579'
                    DomainName                                                          = ''
                    Type                                                                = 'WellKnownGroup'
                    Error                                                               = ''
                }
                'BUILTIN\Remote Management Users'                   = [PSCustomObject] @{Name = 'BUILTIN\Remote Management Users'
                    SID                                                     = 'S-1-5-32-580'
                    DomainName                                              = ''
                    Type                                                    = 'WellKnownGroup'
                    Error                                                   = ''
                }
                'Window Manager\Window Manager Group'               = [PSCustomObject] @{Name = 'Window Manager\Window Manager Group'
                    SID                                                         = 'S-1-5-90-0'
                    DomainName                                                  = ''
                    Type                                                        = 'WellKnownGroup'
                    Error                                                       = ''
                }
                'NT SERVICE\WdiServiceHost'                         = [PSCustomObject] @{Name = 'NT SERVICE\WdiServiceHost'
                    SID                                               = 'S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420'
                    DomainName                                        = ''
                    Type                                              = 'WellKnownGroup'
                    Error                                             = ''
                }
            }
        }
    }
    Process {
        if ($Identity) {
            foreach ($Ident in $Identity) {
                $MatchRegex = [Regex]::Matches($Ident, "S-\d-\d+-(\d+-|){1,14}\d+")
                if ($Script:GlobalCacheSidConvert[$Ident]) {
                    Write-Verbose "Convert-Identity - Processing $Ident (Cache)"
                    $Script:GlobalCacheSidConvert[$Ident]
                } elseif ($MatchRegex.Success) {
                    Write-Verbose "Convert-Identity - Processing $Ident (SID)"
                    if ($MatchRegex.Value -ne $Ident) { $Script:GlobalCacheSidConvert[$Ident] = ConvertFrom-SID -SID $MatchRegex.Value } else { $Script:GlobalCacheSidConvert[$Ident] = ConvertFrom-SID -SID $Ident }
                    $Script:GlobalCacheSidConvert[$Ident]
                } elseif ($Ident -like '*DC=*') {
                    Write-Verbose "Convert-Identity - Processing $Ident (DistinguishedName)"
                    try {
                        $Object = [adsi]"LDAP://$($Ident)"
                        $SIDValue = [System.Security.Principal.SecurityIdentifier]::new($Object.objectSid.Value, 0).Value
                        $Script:GlobalCacheSidConvert[$Ident] = ConvertFrom-SID -SID $SIDValue
                    } catch {
                        $Script:GlobalCacheSidConvert[$Ident] = [PSCustomObject] @{Name = $Ident
                            SID                                                         = $null
                            DomainName                                                  = ''
                            Type                                                        = 'Unknown'
                            Error                                                       = $_.Exception.Message -replace [environment]::NewLine, ' '
                        }
                    }
                    $Script:GlobalCacheSidConvert[$Ident]
                } else {
                    Write-Verbose "Convert-Identity - Processing $Ident (Other)"
                    try {
                        $SIDValue = ([System.Security.Principal.NTAccount] $Ident).Translate([System.Security.Principal.SecurityIdentifier]).Value
                        $Script:GlobalCacheSidConvert[$Ident] = ConvertFrom-SID -SID $SIDValue
                    } catch {
                        $Script:GlobalCacheSidConvert[$Ident] = [PSCustomObject] @{Name = $Ident
                            SID                                                         = $null
                            DomainName                                                  = ''
                            Type                                                        = 'Unknown'
                            Error                                                       = $_.Exception.Message -replace [environment]::NewLine, ' '
                        }
                    }
                    $Script:GlobalCacheSidConvert[$Ident]
                }
            }
        } else {
            if ($SID) {
                foreach ($S in $SID) {
                    if ($Script:GlobalCacheSidConvert[$S]) { $Script:GlobalCacheSidConvert[$S] } else {
                        $Script:GlobalCacheSidConvert[$S] = ConvertFrom-SID -SID $S
                        $Script:GlobalCacheSidConvert[$S]
                    }
                }
            } else {
                foreach ($Ident in $Name) {
                    if ($Script:GlobalCacheSidConvert[$Ident]) { $Script:GlobalCacheSidConvert[$Ident] } else {
                        $Script:GlobalCacheSidConvert[$Ident] = ([System.Security.Principal.NTAccount] $Ident).Translate([System.Security.Principal.SecurityIdentifier]).Value
                        $Script:GlobalCacheSidConvert[$Ident]
                    }
                }
            }
        }
    }
    End {}
}
function ConvertFrom-SID {
    <#
    .SYNOPSIS
    Small command that can resolve SID values
 
    .DESCRIPTION
    Small command that can resolve SID values
 
    .PARAMETER SID
    Value to resolve
 
    .PARAMETER OnlyWellKnown
    Only resolve SID when it's well know SID. Otherwise return $null
 
    .PARAMETER OnlyWellKnownAdministrative
    Only resolve SID when it's administrative well know SID. Otherwise return $null
 
    .PARAMETER DoNotResolve
    Uses only dicrionary values without querying AD
 
    .EXAMPLE
    ConvertFrom-SID -SID 'S-1-5-8', 'S-1-5-9', 'S-1-5-11', 'S-1-5-18', 'S-1-1-0' -DoNotResolve
 
    .NOTES
    General notes
    #>

    [cmdletbinding(DefaultParameterSetName = 'Standard')]
    param([Parameter(ParameterSetName = 'Standard')]
        [Parameter(ParameterSetName = 'OnlyWellKnown')]
        [Parameter(ParameterSetName = 'OnlyWellKnownAdministrative')]
        [string[]] $SID,
        [Parameter(ParameterSetName = 'OnlyWellKnown')][switch] $OnlyWellKnown,
        [Parameter(ParameterSetName = 'OnlyWellKnownAdministrative')][switch] $OnlyWellKnownAdministrative,
        [Parameter(ParameterSetName = 'Standard')][switch] $DoNotResolve)
    $WellKnownAdministrative = @{'S-1-5-18' = [PSCustomObject] @{Name = 'NT AUTHORITY\SYSTEM'
            SID                                                       = 'S-1-5-18'
            DomainName                                                = ''
            Type                                                      = 'WellKnownAdministrative'
            Error                                                     = ''
        }
        'S-1-5-32-544'                      = [PSCustomObject] @{Name = 'BUILTIN\Administrators'
            SID                                  = 'S-1-5-32-544'
            DomainName                           = ''
            Type                                 = 'WellKnownAdministrative'
            Error                                = ''
        }
    }
    $wellKnownSIDs = @{'S-1-0'                                           = [PSCustomObject] @{Name = 'Null AUTHORITY'
            SID                                          = 'S-1-0'
            DomainName                                   = ''
            Type                                         = 'WellKnownGroup'
            Error                                        = ''
        }
        'S-1-0-0'                                                        = [PSCustomObject] @{Name = 'NULL SID'
            SID                             = 'S-1-0-0'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-1'                                                          = [PSCustomObject] @{Name = 'WORLD AUTHORITY'
            SID                           = 'S-1-1'
            DomainName                    = ''
            Type                          = 'WellKnownGroup'
            Error                         = ''
        }
        'S-1-1-0'                                                        = [PSCustomObject] @{Name = 'Everyone'
            SID                             = 'S-1-1-0'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-2'                                                          = [PSCustomObject] @{Name = 'LOCAL AUTHORITY'
            SID                           = 'S-1-2'
            DomainName                    = ''
            Type                          = 'WellKnownGroup'
            Error                         = ''
        }
        'S-1-2-0'                                                        = [PSCustomObject] @{Name = 'LOCAL'
            SID                             = 'S-1-2-0'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-2-1'                                                        = [PSCustomObject] @{Name = 'CONSOLE LOGON'
            SID                             = 'S-1-2-1'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-3'                                                          = [PSCustomObject] @{Name = 'CREATOR AUTHORITY'
            SID                           = 'S-1-3'
            DomainName                    = ''
            Type                          = 'WellKnownGroup'
            Error                         = ''
        }
        'S-1-3-0'                                                        = [PSCustomObject] @{Name = 'CREATOR OWNER'
            SID                             = 'S-1-3-0'
            DomainName                      = ''
            Type                            = 'WellKnownAdministrative'
            Error                           = ''
        }
        'S-1-3-1'                                                        = [PSCustomObject] @{Name = 'CREATOR GROUP'
            SID                             = 'S-1-3-1'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-3-2'                                                        = [PSCustomObject] @{Name = 'CREATOR OWNER SERVER'
            SID                             = 'S-1-3-2'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-3-3'                                                        = [PSCustomObject] @{Name = 'CREATOR GROUP SERVER'
            SID                             = 'S-1-3-3'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-3-4'                                                        = [PSCustomObject] @{Name = 'OWNER RIGHTS'
            SID                             = 'S-1-3-4'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-80-0'                                                     = [PSCustomObject] @{Name = 'NT SERVICE\ALL SERVICES'
            SID                                = 'S-1-5-80-0'
            DomainName                         = ''
            Type                               = 'WellKnownGroup'
            Error                              = ''
        }
        'S-1-4'                                                          = [PSCustomObject] @{Name = 'Non-unique Authority'
            SID                           = 'S-1-4'
            DomainName                    = ''
            Type                          = 'WellKnownGroup'
            Error                         = ''
        }
        'S-1-5'                                                          = [PSCustomObject] @{Name = 'NT AUTHORITY'
            SID                           = 'S-1-5'
            DomainName                    = ''
            Type                          = 'WellKnownGroup'
            Error                         = ''
        }
        'S-1-5-1'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\DIALUP'
            SID                             = 'S-1-5-1'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-2'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\NETWORK'
            SID                             = 'S-1-5-2'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-3'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\BATCH'
            SID                             = 'S-1-5-3'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-4'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\INTERACTIVE'
            SID                             = 'S-1-5-4'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-6'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\SERVICE'
            SID                             = 'S-1-5-6'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-7'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\ANONYMOUS LOGON'
            SID                             = 'S-1-5-7'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-8'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\PROXY'
            SID                             = 'S-1-5-8'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-9'                                                        = [PSCustomObject] @{Name = 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS'
            SID                             = 'S-1-5-9'
            DomainName                      = ''
            Type                            = 'WellKnownGroup'
            Error                           = ''
        }
        'S-1-5-10'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\SELF'
            SID                              = 'S-1-5-10'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-11'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\Authenticated Users'
            SID                              = 'S-1-5-11'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-12'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\RESTRICTED'
            SID                              = 'S-1-5-12'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-13'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\TERMINAL SERVER USER'
            SID                              = 'S-1-5-13'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-14'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\REMOTE INTERACTIVE LOGON'
            SID                              = 'S-1-5-14'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-15'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\This Organization'
            SID                              = 'S-1-5-15'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-17'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\IUSR'
            SID                              = 'S-1-5-17'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-18'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\SYSTEM'
            SID                              = 'S-1-5-18'
            DomainName                       = ''
            Type                             = 'WellKnownAdministrative'
            Error                            = ''
        }
        'S-1-5-19'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\LOCAL SERVICE'
            SID                              = 'S-1-5-19'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-20'                                                       = [PSCustomObject] @{Name = 'NT AUTHORITY\NETWORK SERVICE'
            SID                              = 'S-1-5-20'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-32-544'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Administrators'
            SID                                  = 'S-1-5-32-544'
            DomainName                           = ''
            Type                                 = 'WellKnownAdministrative'
            Error                                = ''
        }
        'S-1-5-32-545'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Users'
            SID                                  = 'S-1-5-32-545'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-546'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Guests'
            SID                                  = 'S-1-5-32-546'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-547'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Power Users'
            SID                                  = 'S-1-5-32-547'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-548'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Account Operators'
            SID                                  = 'S-1-5-32-548'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-549'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Server Operators'
            SID                                  = 'S-1-5-32-549'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-550'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Print Operators'
            SID                                  = 'S-1-5-32-550'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-551'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Backup Operators'
            SID                                  = 'S-1-5-32-551'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-552'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Replicators'
            SID                                  = 'S-1-5-32-552'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-64-10'                                                    = [PSCustomObject] @{Name = 'NT AUTHORITY\NTLM Authentication'
            SID                                 = 'S-1-5-64-10'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-5-64-14'                                                    = [PSCustomObject] @{Name = 'NT AUTHORITY\SChannel Authentication'
            SID                                 = 'S-1-5-64-14'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-5-64-21'                                                    = [PSCustomObject] @{Name = 'NT AUTHORITY\Digest Authentication'
            SID                                 = 'S-1-5-64-21'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-5-80'                                                       = [PSCustomObject] @{Name = 'NT SERVICE'
            SID                              = 'S-1-5-80'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-5-83-0'                                                     = [PSCustomObject] @{Name = 'NT VIRTUAL MACHINE\Virtual Machines'
            SID                                = 'S-1-5-83-0'
            DomainName                         = ''
            Type                               = 'WellKnownGroup'
            Error                              = ''
        }
        'S-1-16-0'                                                       = [PSCustomObject] @{Name = 'Untrusted Mandatory Level'
            SID                              = 'S-1-16-0'
            DomainName                       = ''
            Type                             = 'WellKnownGroup'
            Error                            = ''
        }
        'S-1-16-4096'                                                    = [PSCustomObject] @{Name = 'Low Mandatory Level'
            SID                                 = 'S-1-16-4096'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-16-8192'                                                    = [PSCustomObject] @{Name = 'Medium Mandatory Level'
            SID                                 = 'S-1-16-8192'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-16-8448'                                                    = [PSCustomObject] @{Name = 'Medium Plus Mandatory Level'
            SID                                 = 'S-1-16-8448'
            DomainName                          = ''
            Type                                = 'WellKnownGroup'
            Error                               = ''
        }
        'S-1-16-12288'                                                   = [PSCustomObject] @{Name = 'High Mandatory Level'
            SID                                  = 'S-1-16-12288'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-16-16384'                                                   = [PSCustomObject] @{Name = 'System Mandatory Level'
            SID                                  = 'S-1-16-16384'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-16-20480'                                                   = [PSCustomObject] @{Name = 'Protected Process Mandatory Level'
            SID                                  = 'S-1-16-20480'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-16-28672'                                                   = [PSCustomObject] @{Name = 'Secure Process Mandatory Level'
            SID                                  = 'S-1-16-28672'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-554'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Pre-Windows 2000 Compatible Access'
            SID                                  = 'S-1-5-32-554'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-555'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Remote Desktop Users'
            SID                                  = 'S-1-5-32-555'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-556'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Network Configuration Operators'
            SID                                  = 'S-1-5-32-556'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-557'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Incoming Forest Trust Builders'
            SID                                  = 'S-1-5-32-557'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-558'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Performance Monitor Users'
            SID                                  = 'S-1-5-32-558'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-559'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Performance Log Users'
            SID                                  = 'S-1-5-32-559'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-560'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Windows Authorization Access Group'
            SID                                  = 'S-1-5-32-560'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-561'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Terminal Server License Servers'
            SID                                  = 'S-1-5-32-561'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-562'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Distributed COM Users'
            SID                                  = 'S-1-5-32-562'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-568'                                                   = [PSCustomObject] @{Name = 'BUILTIN\IIS_IUSRS'
            SID                                  = 'S-1-5-32-568'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-569'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Cryptographic Operators'
            SID                                  = 'S-1-5-32-569'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-573'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Event Log Readers'
            SID                                  = 'S-1-5-32-573'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-574'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Certificate Service DCOM Access'
            SID                                  = 'S-1-5-32-574'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-575'                                                   = [PSCustomObject] @{Name = 'BUILTIN\RDS Remote Access Servers'
            SID                                  = 'S-1-5-32-575'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-576'                                                   = [PSCustomObject] @{Name = 'BUILTIN\RDS Endpoint Servers'
            SID                                  = 'S-1-5-32-576'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-577'                                                   = [PSCustomObject] @{Name = 'BUILTIN\RDS Management Servers'
            SID                                  = 'S-1-5-32-577'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-578'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Hyper-V Administrators'
            SID                                  = 'S-1-5-32-578'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-579'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Access Control Assistance Operators'
            SID                                  = 'S-1-5-32-579'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-32-580'                                                   = [PSCustomObject] @{Name = 'BUILTIN\Remote Management Users'
            SID                                  = 'S-1-5-32-580'
            DomainName                           = ''
            Type                                 = 'WellKnownGroup'
            Error                                = ''
        }
        'S-1-5-90-0'                                                     = [PSCustomObject] @{Name = 'Window Manager\Window Manager Group'
            SID                                = 'S-1-5-90-0'
            DomainName                         = ''
            Type                               = 'WellKnownGroup'
            Error                              = ''
        }
        'S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420' = [PSCustomObject] @{Name = 'NT SERVICE\WdiServiceHost'
            SID                                                                                    = 'S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420'
            DomainName                                                                             = ''
            Type                                                                                   = 'WellKnownGroup'
            Error                                                                                  = ''
        }
    }
    foreach ($S in $SID) {
        if ($OnlyWellKnownAdministrative) { if ($WellKnownAdministrative[$S]) { $WellKnownAdministrative[$S] } } elseif ($OnlyWellKnown) { if ($wellKnownSIDs[$S]) { $wellKnownSIDs[$S] } } else {
            if ($wellKnownSIDs[$S]) { $wellKnownSIDs[$S] } else {
                if ($DoNotResolve) {
                    if ($S -like "S-1-5-21-*-519" -or $S -like "S-1-5-21-*-512") {
                        [PSCustomObject] @{Name = $S
                            SID                 = $S
                            DomainName          = ''
                            Type                = 'Administrative'
                            Error               = ''
                        }
                    } else {
                        [PSCustomObject] @{Name = $S
                            SID                 = $S
                            DomainName          = ''
                            Error               = ''
                            Type                = 'NotAdministrative'
                        }
                    }
                } else {
                    if (-not $Script:LocalComputerSID) { $Script:LocalComputerSID = Get-LocalComputerSid }
                    try {
                        if ($S.Length -le 18) {
                            $Type = 'NotAdministrative'
                            $Name = (([System.Security.Principal.SecurityIdentifier]::new($S)).Translate([System.Security.Principal.NTAccount])).Value
                            [PSCustomObject] @{Name = $Name
                                SID                 = $S
                                DomainName          = ''
                                Type                = $Type
                                Error               = ''
                            }
                        } else {
                            if ($S -like "S-1-5-21-*-519" -or $S -like "S-1-5-21-*-512") { $Type = 'Administrative' } else { $Type = 'NotAdministrative' }
                            $Name = (([System.Security.Principal.SecurityIdentifier]::new($S)).Translate([System.Security.Principal.NTAccount])).Value
                            [PSCustomObject] @{Name = $Name
                                SID                 = $S
                                DomainName          = if ($S -like "$Script:LocalComputerSID*") { '' } else { (ConvertFrom-NetbiosName -Identity $Name).DomainName }
                                Type                = $Type
                                Error               = ''
                            }
                        }
                    } catch {
                        [PSCustomObject] @{Name = $S
                            SID                 = $S
                            DomainName          = ''
                            Error               = $_.Exception.Message -replace [environment]::NewLine, ' '
                            Type                = 'Unknown'
                        }
                    }
                }
            }
        }
    }
}
function ConvertFrom-NetbiosName {
    [cmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0)]
        [string[]] $Identity)
    process {
        foreach ($Ident in $Identity) {
            if ($Ident -like '*\*') {
                $NetbiosWithObject = $Ident -split "\\"
                if ($NetbiosWithObject.Count -eq 2) {
                    $LDAPQuery = ([ADSI]"LDAP://$($NetbiosWithObject[0])")
                    $DomainName = ConvertFrom-DistinguishedName -DistinguishedName $LDAPQuery.distinguishedName -ToDomainCN
                    [PSCustomObject] @{DomainName = $DomainName
                        Name                      = $NetbiosWithObject[1]
                    }
                } else {
                    [PSCustomObject] @{DomainName = ''
                        Name                      = $Ident
                    }
                }
            } else {
                [PSCustomObject] @{DomainName = ''
                    Name                      = $Ident
                }
            }
        }
    }
}
function Get-LocalComputerSid {
    <#
    .SYNOPSIS
    Get the SID of the local computer.
 
    .DESCRIPTION
    Get the SID of the local computer.
 
    .EXAMPLE
    Get-LocalComputerSid
 
    .NOTES
    General notes
    #>

    [cmdletBinding()]
    param()
    try {
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement
        $PrincipalContext = [System.DirectoryServices.AccountManagement.PrincipalContext]::new([System.DirectoryServices.AccountManagement.ContextType]::Machine)
        $UserPrincipal = [System.DirectoryServices.AccountManagement.UserPrincipal]::new($PrincipalContext)
        $Searcher = [System.DirectoryServices.AccountManagement.PrincipalSearcher]::new()
        $Searcher.QueryFilter = $UserPrincipal
        $User = $Searcher.FindAll()
        foreach ($U in $User) { if ($U.Sid.Value -like "*-500") { return $U.Sid.Value.TrimEnd("-500") } }
    } catch { Write-Warning -Message "Get-LocalComputerSid - Error: $($_.Exception.Message)" }
}
function ConvertFrom-DistinguishedName {
    <#
    .SYNOPSIS
    Converts a Distinguished Name to CN, OU, Multiple OUs or DC
 
    .DESCRIPTION
    Converts a Distinguished Name to CN, OU, Multiple OUs or DC
 
    .PARAMETER DistinguishedName
    Distinguished Name to convert
 
    .PARAMETER ToOrganizationalUnit
    Converts DistinguishedName to Organizational Unit
 
    .PARAMETER ToDC
    Converts DistinguishedName to DC
 
    .PARAMETER ToDomainCN
    Converts DistinguishedName to Domain Canonical Name (CN)
 
    .PARAMETER ToCanonicalName
    Converts DistinguishedName to Canonical Name
 
    .EXAMPLE
    $DistinguishedName = 'CN=Przemyslaw Klys,OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz'
    ConvertFrom-DistinguishedName -DistinguishedName $DistinguishedName -ToOrganizationalUnit
 
    Output:
    OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz
 
    .EXAMPLE
    $DistinguishedName = 'CN=Przemyslaw Klys,OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz'
    ConvertFrom-DistinguishedName -DistinguishedName $DistinguishedName
 
    Output:
    Przemyslaw Klys
 
    .EXAMPLE
    ConvertFrom-DistinguishedName -DistinguishedName 'OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz' -ToMultipleOrganizationalUnit -IncludeParent
 
    Output:
    OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz
    OU=Production,DC=ad,DC=evotec,DC=xyz
 
    .EXAMPLE
    ConvertFrom-DistinguishedName -DistinguishedName 'OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz' -ToMultipleOrganizationalUnit
 
    Output:
    OU=Production,DC=ad,DC=evotec,DC=xyz
 
    .EXAMPLE
    $Con = @(
        'CN=Windows Authorization Access Group,CN=Builtin,DC=ad,DC=evotec,DC=xyz'
        'CN=Mmm,DC=elo,CN=nee,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=ad,DC=evotec,DC=xyz'
        'CN=e6d5fd00-385d-4e65-b02d-9da3493ed850,CN=Operations,CN=DomainUpdates,CN=System,DC=ad,DC=evotec,DC=xyz'
        'OU=Domain Controllers,DC=ad,DC=evotec,DC=pl'
        'OU=Microsoft Exchange Security Groups,DC=ad,DC=evotec,DC=xyz'
    )
 
    ConvertFrom-DistinguishedName -DistinguishedName $Con -ToLastName
 
    Output:
    Windows Authorization Access Group
    Mmm
    e6d5fd00-385d-4e65-b02d-9da3493ed850
    Domain Controllers
    Microsoft Exchange Security Groups
 
    .EXAMPLEE
    ConvertFrom-DistinguishedName -DistinguishedName 'DC=ad,DC=evotec,DC=xyz' -ToCanonicalName
    ConvertFrom-DistinguishedName -DistinguishedName 'OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz' -ToCanonicalName
    ConvertFrom-DistinguishedName -DistinguishedName 'CN=test,OU=Users,OU=Production,DC=ad,DC=evotec,DC=xyz' -ToCanonicalName
 
    Output:
    ad.evotec.xyz
    ad.evotec.xyz\Production\Users
    ad.evotec.xyz\Production\Users\test
 
    .NOTES
    General notes
    #>

    [CmdletBinding(DefaultParameterSetName = 'Default')]
    param([Parameter(ParameterSetName = 'ToOrganizationalUnit')]
        [Parameter(ParameterSetName = 'ToMultipleOrganizationalUnit')]
        [Parameter(ParameterSetName = 'ToDC')]
        [Parameter(ParameterSetName = 'ToDomainCN')]
        [Parameter(ParameterSetName = 'Default')]
        [Parameter(ParameterSetName = 'ToLastName')]
        [Parameter(ParameterSetName = 'ToCanonicalName')]
        [alias('Identity', 'DN')][Parameter(ValueFromPipeline, ValueFromPipelineByPropertyName, Position = 0)][string[]] $DistinguishedName,
        [Parameter(ParameterSetName = 'ToOrganizationalUnit')][switch] $ToOrganizationalUnit,
        [Parameter(ParameterSetName = 'ToMultipleOrganizationalUnit')][alias('ToMultipleOU')][switch] $ToMultipleOrganizationalUnit,
        [Parameter(ParameterSetName = 'ToMultipleOrganizationalUnit')][switch] $IncludeParent,
        [Parameter(ParameterSetName = 'ToDC')][switch] $ToDC,
        [Parameter(ParameterSetName = 'ToDomainCN')][switch] $ToDomainCN,
        [Parameter(ParameterSetName = 'ToLastName')][switch] $ToLastName,
        [Parameter(ParameterSetName = 'ToCanonicalName')][switch] $ToCanonicalName)
    Process {
        foreach ($Distinguished in $DistinguishedName) {
            if ($ToDomainCN) {
                $DN = $Distinguished -replace '.*?((DC=[^=]+,)+DC=[^=]+)$', '$1'
                $CN = $DN -replace ',DC=', '.' -replace "DC="
                if ($CN) { $CN }
            } elseif ($ToOrganizationalUnit) {
                $Value = [Regex]::Match($Distinguished, '(?=OU=)(.*\n?)(?<=.)').Value
                if ($Value) { $Value }
            } elseif ($ToMultipleOrganizationalUnit) {
                if ($IncludeParent) { $Distinguished }
                while ($true) {
                    $Distinguished = $Distinguished -replace '^.+?,(?=..=)'
                    if ($Distinguished -match '^DC=') { break }
                    $Distinguished
                }
            } elseif ($ToDC) {
                $Value = $Distinguished -replace '.*?((DC=[^=]+,)+DC=[^=]+)$', '$1'
                if ($Value) { $Value }
            } elseif ($ToLastName) {
                $NewDN = $Distinguished -split ",DC="
                if ($NewDN[0].Contains(",OU=")) { [Array] $ChangedDN = $NewDN[0] -split ",OU=" } elseif ($NewDN[0].Contains(",CN=")) { [Array] $ChangedDN = $NewDN[0] -split ",CN=" } else { [Array] $ChangedDN = $NewDN[0] }
                if ($ChangedDN[0].StartsWith('CN=')) { $ChangedDN[0] -replace 'CN=', '' } else { $ChangedDN[0] -replace 'OU=', '' }
            } elseif ($ToCanonicalName) {
                $Domain = $null
                $Rest = $null
                foreach ($O in $Distinguished -split '(?<!\\),') { if ($O -match '^DC=') { $Domain += $O.Substring(3) + '.' } else { $Rest = $O.Substring(3) + '\' + $Rest } }
                if ($Domain -and $Rest) { $Domain.Trim('.') + '\' + ($Rest.TrimEnd('\') -replace '\\,', ',') } elseif ($Domain) { $Domain.Trim('.') } elseif ($Rest) { $Rest.TrimEnd('\') -replace '\\,', ',' }
            } else {
                $Regex = '^CN=(?<cn>.+?)(?<!\\),(?<ou>(?:(?:OU|CN).+?(?<!\\),)+(?<dc>DC.+?))$'
                $Found = $Distinguished -match $Regex
                if ($Found) { $Matches.cn }
            }
        }
    }
}
function Add-UserRightsAssignment {
    <#
    .SYNOPSIS
    Add identity object to the specified user rights Assignment role.
 
    .DESCRIPTION
    Add identity object to the specified user rights Assignment role.
 
    .PARAMETER UserRightsAssignment
    Choose user rights assignment
 
    .PARAMETER Computer
    Choose computer name. If not specified, the current computer will be used.
 
    .PARAMETER Identity
    Choose identity object by providing it's full name
 
    .PARAMETER Suppress
    Suppress the output. By default returns the identity what happend as an object.
 
    .EXAMPLE
    Add-UserRightsAssignment -UserRightsAssignment SeBackupPrivilege -Identity "Evotec\Administrator"
 
    .NOTES
    General notes
    #>

    [cmdletBinding(SupportsShouldProcess)]
    param([parameter(Mandatory)][LocalSecurityEditor.UserRightsAssignment] $UserRightsAssignment,
        [alias('ComputerName')][string] $Computer,
        [parameter(Mandatory)][alias('UserName')][string] $Identity,
        [switch] $Suppress)
    $ConvertedIdentity = Convert-Identity -Identity $Identity
    if ($PSCmdlet.ShouldProcess("Adding $($ConvertedIdentity.Name)/$($ConvertedIdentity.Sid) to $UserRightsAssignment", 'Add-UserRightsAssignment')) {
        try { if ($Computer) { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new($Computer) } else { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new() } } catch {
            if (-not $Suppress) {
                [PSCustomObject] @{"Action" = 'Add'
                    "Identity"              = $ConvertedIdentity.Name
                    'SID'                   = $ConvertedIdentity.Sid
                    "UserRightsAssignment"  = $UserRightsAssignment
                    "Status"                = 'Failed'
                    "Error"                 = $($_.Exception.Message)
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                Write-Error "Could not create LsaWrapper. Error: $($_.Exception.Message)"
                return
            } else {
                Write-Warning -Message "Add-UserRightsAssignment - Could not create LsaWrapper. Error: $($_.Exception.Message)"
                return
            }
        }
        try {
            $null = $LsaWrapper.AddPrivileges($ConvertedIdentity.Name, $UserRightsAssignment)
            if (-not $Suppress) {
                [PSCustomObject] @{"Action" = 'Add'
                    "Identity"              = $ConvertedIdentity.Name
                    'SID'                   = $ConvertedIdentity.Sid
                    "UserRightsAssignment"  = $UserRightsAssignment
                    "Status"                = 'Success'
                    "Error"                 = ''
                }
            }
        } catch {
            if (-not $Suppress) {
                [PSCustomObject] @{"Action" = 'Add'
                    "Identity"              = $ConvertedIdentity.Name
                    'SID'                   = $ConvertedIdentity.Sid
                    "UserRightsAssignment"  = $UserRightsAssignment
                    "Status"                = 'Failure'
                    "Error"                 = $($_.Exception.Message)
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                Write-Error "Could not add privileges for $UserRightsAssignment. Error: $($_.Exception.Message)"
                return
            } else { Write-Warning -Message "Add-UserRightsAssignment - Could not add privileges for $UserRightsAssignment. Error: $($_.Exception.Message)" }
        }
        try { $LsaWrapper.Dispose() } catch { if ($PSBoundParameters.ErrorAction -eq 'Stop') { Write-Error "Could not dispose LsaWrapper. Error: $($_.Exception.Message)" } else { Write-Warning -Message "Add-UserRightsAssignment - Could not dispose LsaWrapper. Error: $($_.Exception.Message)" } }
    } else {
        if (-not $Suppress) {
            [PSCustomObject] @{"Action" = 'Add'
                "Identity"              = $ConvertedIdentity.Name
                'SID'                   = $ConvertedIdentity.Sid
                "UserRightsAssignment"  = $UserRightsAssignment
                "Status"                = 'WhatIf'
                "Error"                 = 'WhatIf in use.'
            }
        }
    }
}
Function Get-SecurityPolicy {
    <#
    .SYNOPSIS
    Get security policy settings being read from Local Security Policy using secedit.exe
 
    .DESCRIPTION
    Get security policy settings being read from Local Security Policy using secedit.exe
 
    .PARAMETER ConfigFile
    Optional path to the config file to use. If not specified, the temp config file will be used.
 
    .PARAMETER All
    Get all settings from all sections
 
    .PARAMETER SystemAccess
    Get specific setting from System Access section
 
    .PARAMETER EventAudit
    Get specific setting from Event Audit section
 
    .EXAMPLE
    Get-SecurityPolicy -Verbose -All
 
    .EXAMPLE
    Get-SecurityPolicy -SystemAccess LockoutBadCount
 
    .EXAMPLE
    Get-SecurityPolicy -SystemAccess MinimumPasswordLength
 
    .NOTES
    General notes
    #>

    [CmdletBinding(DefaultParameterSetName = 'SystemAccess')]
    param([string] $ConfigFile = "$env:TEMP\security.cfg",
        [Parameter(ParameterSetName = 'All')][switch] $All,
        [Parameter(Mandatory, ParameterSetName = 'SystemAccess')][ValidateSet('MinimumPasswordAge' ,
            'MaximumPasswordAge' ,
            'MinimumPasswordLength' ,
            'PasswordComplexity' ,
            'PasswordHistorySize' ,
            'LockoutBadCount' ,
            'ResetLockoutCount' ,
            'LockoutDuration' ,
            'RequireLogonToChangePassword',
            'ForceLogoffWhenHourExpire' ,
            'NewAdministratorName' ,
            'NewGuestName' ,
            'ClearTextPassword' ,
            'LSAAnonymousNameLookup' ,
            'EnableAdminAccount' ,
            'EnableGuestAccount')][string] $SystemAccess,
        [Parameter(Mandatory, ParameterSetName = 'EventAudit')][ValidateSet('AuditSystemEvents' ,
            'AuditLogonEvents' ,
            'AuditObjectAccess' ,
            'AuditPrivilegeUse' ,
            'AuditPolicyChange' ,
            'AuditAccountManage' ,
            'AuditProcessTracking' ,
            'AuditDSAccess' ,
            'AuditAccountLogon')][string] $EventAudit)
    if (Test-Path -LiteralPath $ConfigFile -ErrorAction SilentlyContinue) { Remove-Item -LiteralPath $ConfigFile -Force }
    $pinfo = [System.Diagnostics.ProcessStartInfo]::new()
    $pinfo.FileName = "secedit.exe"
    $pinfo.RedirectStandardError = $true
    $pinfo.RedirectStandardOutput = $true
    $pinfo.UseShellExecute = $false
    $pinfo.Arguments = "/export /cfg `"$ConfigFile`""
    $p = [System.Diagnostics.Process]::new()
    $p.StartInfo = $pinfo
    $p.Start() | Out-Null
    $p.WaitForExit()
    $Output = $p.StandardOutput.ReadToEnd().Trim()
    if ($Output -like "*task has completed successfully*") {
        $SecurityPolicy = [ordered] @{}
        $index = 0
        if (Test-Path -LiteralPath $ConfigFile -ErrorAction SilentlyContinue) {
            try {
                $contents = Get-Content -LiteralPath $ConfigFile -Raw -ErrorAction Stop
                [regex]::Matches($contents, "(?<=\[)(.*)(?=\])") | ForEach-Object { $title = $_
                    [regex]::Matches($contents, "(?<=\]).*?((?=\[)|(\Z))", [System.Text.RegularExpressions.RegexOptions]::Singleline)[$index] | ForEach-Object { $section = [ordered] @{}
                        $_.value -split "\r\n" | Where-Object { $_.length -gt 0 } | ForEach-Object { $value = [regex]::Match($_, "(?<=\=).*").value
                            $name = [regex]::Match($_, ".*(?=\=)").value
                            $section[$name.tostring().trim()] = $value.tostring().trim() }
                        $SecurityPolicy[$Title.Value] = $Section }
                    $index += 1 }
            } catch { if ($PSBoundParameters.ErrorAction -eq 'Stop') { throw } else { Write-Warning -Message "Failed to export security policy. Error: $($_.Exception.Message)" } }
        }
        if ($All) { $SecurityPolicy } elseif ($SystemAccess) {
            [PSCustomObject] @{Name = $SystemAccess
                Value               = $SecurityPolicy['System Access'].$SystemAccess
            }
        } elseif ($EventAudit) {
            [PSCustomObject] @{Name = $EventAudit
                Value               = $SecurityPolicy['Event Audit'].$EventAudit
            }
        }
    } else { if ($PSBoundParameters.ErrorAction -eq 'Stop') { throw $Output } else { Write-Warning -Message "Failed to export security policy. Error: $($Output)" } }
}
function Get-UserRightsAssignment {
    <#
    .SYNOPSIS
    Provides a list of users assigned to a specific role.
 
    .DESCRIPTION
    Provides a list of users assigned to a specific role.
 
    .PARAMETER UserRightsAssignment
    Choose the role to list the users assigned to.
 
    .PARAMETER Computer
    Choose computer name. If not specified, the current computer will be used.
 
    .PARAMETER All
    Get all users for all user rights assignment for the specified computer.
 
    .EXAMPLE
    Get-UserRightsAssignment -All
 
    .EXAMPLE
    Get-UserRightsAssignment -UserRightsAssignment SeBackupPrivilege
 
    .NOTES
    General notes
    #>

    [cmdletBinding(DefaultParameterSetName = 'UserRights')]
    param([parameter(Mandatory, ParameterSetName = 'UserRights')][LocalSecurityEditor.UserRightsAssignment] $UserRightsAssignment,
        [alias('ComputerName')][string] $Computer,
        [parameter(ParameterSetName = 'All')][switch] $All)
    try { if ($Computer) { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new($Computer) } else { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new() } } catch {
        if ($PSBoundParameters.ErrorAction -eq 'Stop') {
            Write-Error "Could not create LsaWrapper. Error: $($_.Exception.Message)"
            return
        } else {
            Write-Warning -Message "Get-UserRightsAssignment - Could not create LsaWrapper. Error: $($_.Exception.Message)"
            return
        }
    }
    if ($All) {
        $Output = [ordered] @{}
        $EnumValues = [Enum]::GetNames([LocalSecurityEditor.UserRightsAssignment])
        foreach ($Value in $EnumValues | Sort-Object) {
            try { $PriviligeOutput = $LsaWrapper.GetPrivileges($Value) } catch {
                $PriviligeOutput = $null
                if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                    Write-Error "Could not get privileges for $Value. Error: $($_.Exception.Message)"
                    return
                } else { Write-Warning -Message "Get-UserRightsAssignment - Could not get privileges for $Value. Error: $($_.Exception.Message)" }
            }
            $Output[$Value] = foreach ($P in $PriviligeOutput) { Convert-Identity -Identity $P }
        }
        $Output
    } else {
        try { $PriviligeOutput = $LsaWrapper.GetPrivileges($UserRightsAssignment) } catch {
            if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                Write-Error "Could not get privileges for $UserRightsAssignment. Error: $($_.Exception.Message)"
                return
            } else { Write-Warning -Message "Get-UserRightsAssignment - Could not get privileges for $UserRightsAssignment. Error: $($_.Exception.Message)" }
        }
        foreach ($P in $PriviligeOutput) { Convert-Identity -Identity $P }
    }
    try { $LsaWrapper.Dispose() } catch {
        if ($PSBoundParameters.ErrorAction -eq 'Stop') {
            Write-Error "Could not dispose LsaWrapper. Error: $($_.Exception.Message)"
            return
        } else {
            Write-Warning -Message "Get-UserRightsAssignment - Could not dispose LsaWrapper. Error: $($_.Exception.Message)"
            return
        }
    }
}
function Remove-UserRightsAssignment {
    <#
    .SYNOPSIS
    Remove identity object from User Rights Assignment role
 
    .DESCRIPTION
    Remove identity object from User Rights Assignment role
 
    .PARAMETER UserRightsAssignment
    Choose user rights assignment
 
    .PARAMETER Computer
    Choose computer name. If not specified, the current computer will be used.
 
    .PARAMETER Identity
    Provide the user name to remove the user rights assignment for
 
    .PARAMETER Suppress
    Suppress the output. By default returns the identity what happend as an object.
 
    .EXAMPLE
    Remove-UserRightsAssignment -UserRightsAssignment SeBackupPrivilege -Identity "Evotec\Administrator"
 
    .NOTES
    General notes
    #>

    [cmdletBinding(SupportsShouldProcess)]
    param([parameter(Mandatory)][LocalSecurityEditor.UserRightsAssignment] $UserRightsAssignment,
        [alias('ComputerName')][string] $Computer,
        [parameter(Mandatory)][alias('UserName')][string] $Identity,
        [switch] $Suppress)
    $ConvertedIdentity = Convert-Identity -Identity $Identity
    try { if ($Computer) { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new($Computer) } else { $LsaWrapper = [LocalSecurityEditor.LsaWrapper]::new() } } catch {
        if (-not $Suppress) {
            [PSCustomObject] @{"Action" = 'Remove'
                "Identity"              = $ConvertedIdentity.Name
                'SID'                   = $ConvertedIdentity.Sid
                "UserRightsAssignment"  = $UserRightsAssignment
                "Status"                = 'Failure'
                "Error"                 = $($_.Exception.Message)
            }
        }
        if ($PSBoundParameters.ErrorAction -eq 'Stop') {
            Write-Error "Could not create LsaWrapper. Error: $($_.Exception.Message)"
            return
        } else {
            Write-Warning -Message "Remove-UserRightsAssignment - Could not create LsaWrapper. Error: $($_.Exception.Message)"
            return
        }
    }
    if ($PSCmdlet.ShouldProcess("Removing $($ConvertedIdentity.Name)/$($ConvertedIdentity.Sid) from $UserRightsAssignment", 'Add-UserRightsAssignment')) {
        try {
            $LsaWrapper.RemovePrivileges($ConvertedIdentity.Name, $UserRightsAssignment)
            if (-not $Suppress) {
                [PSCustomObject] @{"Action" = 'Remove'
                    "Identity"              = $ConvertedIdentity.Name
                    'SID'                   = $ConvertedIdentity.Sid
                    "UserRightsAssignment"  = $UserRightsAssignment
                    "Status"                = 'Success'
                    "Error"                 = ''
                }
            }
        } catch {
            if (-not $Suppress) {
                [PSCustomObject] @{"Action" = 'Remove'
                    "Identity"              = $ConvertedIdentity.Name
                    'SID'                   = $ConvertedIdentity.Sid
                    "UserRightsAssignment"  = $UserRightsAssignment
                    "Status"                = 'Failure'
                    "Error"                 = $($_.Exception.Message)
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                Write-Error "Could not remove privileges for $UserRightsAssignment. Error: $($_.Exception.Message)"
                return
            } else {
                Write-Warning -Message "Remove-UserRightsAssignment - Could not remove privileges for $UserRightsAssignment. Error: $($_.Exception.Message)"
                return
            }
        }
        try { $LsaWrapper.Dispose() } catch {
            if ($PSBoundParameters.ErrorAction -eq 'Stop') {
                Write-Error "Could not dispose LsaWrapper. Error: $($_.Exception.Message)"
                return
            } else {
                Write-Warning -Message "Remove-UserRightsAssignment - Could not dispose LsaWrapper. Error: $($_.Exception.Message)"
                return
            }
        }
    } else {
        if (-not $Suppress) {
            [PSCustomObject] @{"Action" = 'Remove'
                "Identity"              = $ConvertedIdentity.Name
                'SID'                   = $ConvertedIdentity.Sid
                "UserRightsAssignment"  = $UserRightsAssignment
                "Status"                = 'WhatIf'
                "Error"                 = 'WhatIf in use.'
            }
        }
    }
}
function Set-SecurityPolicy {
    <#
    .SYNOPSIS
    Set security policy ssetting in the Local Security Policy using secedit.exe
 
    .DESCRIPTION
    Set security policy ssetting in the Local Security Policy using secedit.exe
 
    .PARAMETER SystemAccess
    Choose specific system access policy.
 
    .PARAMETER Value
    Set specific value for the policy.
 
    .PARAMETER ConfigFile
    Optional path to the config file to use. If not specified, the temp config file will be used.
 
    .PARAMETER Suppress
    Suppress the output. By default output is provided
 
    .EXAMPLE
    Set-SecurityPolicy -SystemAccess MinimumPasswordAge -Value 1 -Whatif
 
    .NOTES
    General notes
    #>

    [cmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet('MinimumPasswordAge' ,
            'MaximumPasswordAge' ,
            'MinimumPasswordLength' ,
            'PasswordComplexity' ,
            'PasswordHistorySize' ,
            'LockoutBadCount' ,
            'ResetLockoutCount' ,
            'LockoutDuration' ,
            'RequireLogonToChangePassword',
            'ForceLogoffWhenHourExpire' ,
            'NewAdministratorName' ,
            'NewGuestName' ,
            'ClearTextPassword' ,
            'LSAAnonymousNameLookup' ,
            'EnableAdminAccount' ,
            'EnableGuestAccount')][string] $SystemAccess,
        [Parameter(Mandatory)][object] $Value,
        [string] $ConfigFile = "$env:TEMP\security.cfg",
        [switch] $Suppress)
    if ($PSCmdlet.ShouldProcess("$SystemAccess to $Value", "Set-SecurityPolicy")) {
        try { $Object = Get-SecurityPolicy -ConfigFile $ConfigFile -ErrorAction Stop -All } catch {
            if (-not $Suppress) {
                [PSCustomObject] @{"Name" = $SystemAccess
                    "Value"               = $Value
                    "Status"              = $false
                    "Error"               = $($_.Exception.Message)
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') { throw } else {
                Write-Warning -Message "Failed to read security policy. Error: $($_.Exception.Message)"
                return
            }
        }
        if ($SystemAccess) { $Object.'System Access'.$SystemAccess = $Value }
        try {
            $Object.GetEnumerator() | ForEach-Object { "[$($_.Name)]"
                $_.Value | ForEach-Object { $_.GetEnumerator() | ForEach-Object { "$($_.Name)=$($_.Value)" } } } | Out-File -LiteralPath $ConfigFile -ErrorAction Stop
        } catch {
            if (-not $Suppress) {
                [PSCustomObject] @{"Name" = $SystemAccess
                    "Value"               = $Value
                    "Status"              = $false
                    "Error"               = $($_.Exception.Message)
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') { throw } else {
                Write-Warning -Message "Failed to save security policy. Error: $($_.Exception.Message)"
                return
            }
        }
        $pinfo = [System.Diagnostics.ProcessStartInfo]::new()
        $pinfo.FileName = "secedit.exe"
        $pinfo.RedirectStandardError = $true
        $pinfo.RedirectStandardOutput = $true
        $pinfo.UseShellExecute = $false
        $pinfo.Arguments = " /configure /db c:\windows\security\local.sdb /cfg `"$ConfigFile`" /areas SECURITYPOLICY"
        $p = [System.Diagnostics.Process]::new()
        $p.StartInfo = $pinfo
        $p.Start() | Out-Null
        $p.WaitForExit()
        $Output = $p.StandardOutput.ReadToEnd()
        $Errors = $p.StandardError.ReadToEnd()
        if ($Output -like "*task has completed successfully*") {
            if (-not $Suppress) {
                [PSCustomObject] @{"Name" = $SystemAccess
                    "Value"               = $Value
                    "Status"              = $true
                    "Error"               = ""
                }
            }
        } else {
            if (-not $Suppress) {
                [PSCustomObject] @{"Name" = $SystemAccess
                    "Value"               = $Value
                    "Status"              = $false
                    "Error"               = $Errors
                }
            }
            if ($PSBoundParameters.ErrorAction -eq 'Stop') { throw $Errors } else { Write-Warning -Message "Failed to save security policy. Error: $Errors" }
        }
    } else {}
}
function Set-UserRightsAssignment {
    <#
    .SYNOPSIS
    Overwrites current user rights assignment with the specified identities.
 
    .DESCRIPTION
    Overwrites current user rights assignment with the specified identities.
    It does so by adding only missing rights, and removing the ones that require removal.
    Identies that don't require changing are left as is.
 
    .PARAMETER UserRightsAssignment
    Choose user rights assignment
 
    .PARAMETER Computer
    Choose computer name. If not specified, the current computer will be used.
 
    .PARAMETER Identity
    Provide the identities to set the user rights assignment for
 
    .PARAMETER Suppress
    Suppress the output. By default returns the identity what happend as an object.
 
    .EXAMPLE
    $Identity = @(
        'BUILTIN\Backup Operators'
        'BUILTIN\Administrators'
        'Guest'
        'BUILTIN\Users'
        'przemyslaw.klys'
    )
 
    Set-UserRightsAssignment-UserRightsAssignment SeBackupPrivilege -Identity $Identity -WhatIf
 
    .NOTES
    General notes
    #>

    [CmdletBinding(SupportsShouldProcess)]
    param([parameter(Mandatory, ParameterSetName = 'UserRights')][LocalSecurityEditor.UserRightsAssignment] $UserRightsAssignment,
        [alias('ComputerName')][string] $Computer,
        [alias('UserName')][string[]] $Identity,
        [switch] $Suppress)
    $ToDo = [ordered] @{}
    $WhatHappend = [ordered] @{}
    $ConvertedIdentities = foreach ($I in $Identity) { Convert-Identity -Identity $I }
    $CurrentSettings = Get-UserRightsAssignment -UserRightsAssignment $UserRightsAssignment -Computer $Computer
    foreach ($I in $ConvertedIdentities.Name) { if ($I -in $CurrentSettings.Name) { $ToDo[$I] = 'DoNothing' } else { $ToDo[$I] = 'Add' } }
    foreach ($I in $CurrentSettings.Name) { if ($I -notin $ConvertedIdentities.Name) { $ToDo[$I] = 'Remove' } }
    foreach ($Action in $ToDo.Keys) {
        if ($ToDo[$Action] -eq 'Add') {
            $DidItWork = Add-UserRightsAssignment -UserRightsAssignment $UserRightsAssignment -Computer $Computer -Identity $Action
            $WhatHappend[$Action] = $DidItWork
        } elseif ($ToDo[$Action] -eq 'Remove') {
            $DidItWork = Remove-UserRightsAssignment -UserRightsAssignment $UserRightsAssignment -Computer $Computer -Identity $Action
            $WhatHappend[$Action] = $DidItWork
        } elseif ($ToDo[$Action] -eq 'DoNothing') {
            $DoNothingIdentity = Convert-Identity -Identity $I
            $WhatHappend[$Action] = [PSCustomObject] @{"Action" = 'DoNothing'
                "Identity"                                      = $Action
                'SID'                                           = $DoNothingIdentity.Sid
                "UserRightsAssignment"                          = $UserRightsAssignment
                "Status"                                        = 'NoAction'
                "Error"                                         = ''
            }
        }
    }
    if (-not $Suppress) { $WhatHappend }
}
Export-ModuleMember -Function @('Add-UserRightsAssignment', 'Get-SecurityPolicy', 'Get-UserRightsAssignment', 'Remove-UserRightsAssignment', 'Set-SecurityPolicy', 'Set-UserRightsAssignment') -Alias @()
# SIG # Begin signature block
# MIInPgYJKoZIhvcNAQcCoIInLzCCJysCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCwJyCBZfiAQkHM
# iNMUbyes6sUqcI472vsJMx6x3pW9g6CCITcwggO3MIICn6ADAgECAhAM5+DlF9hG
# /o/lYPwb8DA5MA0GCSqGSIb3DQEBBQUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK
# EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV
# BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBa
# Fw0zMTExMTAwMDAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lD
# ZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
# AQoCggEBAK0OFc7kQ4BcsYfzt2D5cRKlrtwmlIiq9M71IDkoWGAM+IDaqRWVMmE8
# tbEohIqK3J8KDIMXeo+QrIrneVNcMYQq9g+YMjZ2zN7dPKii72r7IfJSYd+fINcf
# 4rHZ/hhk0hJbX/lYGDW8R82hNvlrf9SwOD7BG8OMM9nYLxj+KA+zp4PWw25EwGE1
# lhb+WZyLdm3X8aJLDSv/C3LanmDQjpA1xnhVhyChz+VtCshJfDGYM2wi6YfQMlqi
# uhOCEe05F52ZOnKh5vqk2dUXMXWuhX0irj8BRob2KHnIsdrkVxfEfhwOsLSSplaz
# vbKX7aqn8LfFqD+VFtD/oZbrCF8Yd08CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGG
# MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEXroq/0ksuCMS1Ri6enIZ3zbcgP
# MB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBBQUA
# A4IBAQCiDrzf4u3w43JzemSUv/dyZtgy5EJ1Yq6H6/LV2d5Ws5/MzhQouQ2XYFwS
# TFjk0z2DSUVYlzVpGqhH6lbGeasS2GeBhN9/CTyU5rgmLCC9PbMoifdf/yLil4Qf
# 6WXvh+DfwWdJs13rsgkq6ybteL59PyvztyY1bV+JAbZJW58BBZurPSXBzLZ/wvFv
# hsb6ZGjrgS2U60K3+owe3WLxvlBnt2y98/Efaww2BxZ/N3ypW2168RJGYIPXJwS+
# S86XvsNnKmgR34DnDDNmvxMNFG7zfx9jEB76jRslbWyPpbdhAbHSoyahEHGdreLD
# +cOZUbcrBwjOLuZQsqf6CkUvovDyMIIFMDCCBBigAwIBAgIQBAkYG1/Vu2Z1U0O1
# b5VQCDANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
# aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtE
# aWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMTMxMDIyMTIwMDAwWhcNMjgx
# MDIyMTIwMDAwWjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBT
# SEEyIEFzc3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEA+NOzHH8OEa9ndwfTCzFJGc/Q+0WZsTrbRPV/5aid2zLX
# cep2nQUut4/6kkPApfmJ1DcZ17aq8JyGpdglrA55KDp+6dFn08b7KSfH03sjlOSR
# I5aQd4L5oYQjZhJUM1B0sSgmuyRpwsJS8hRniolF1C2ho+mILCCVrhxKhwjfDPXi
# TWAYvqrEsq5wMWYzcT6scKKrzn/pfMuSoeU7MRzP6vIK5Fe7SrXpdOYr/mzLfnQ5
# Ng2Q7+S1TqSp6moKq4TzrGdOtcT3jNEgJSPrCGQ+UpbB8g8S9MWOD8Gi6CxR93O8
# vYWxYoNzQYIH5DiLanMg0A9kczyen6Yzqf0Z3yWT0QIDAQABo4IBzTCCAckwEgYD
# VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYB
# BQUHAwMweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k
# aWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0
# LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEGA1UdHwR6MHgwOqA4
# oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJv
# b3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
# dEFzc3VyZWRJRFJvb3RDQS5jcmwwTwYDVR0gBEgwRjA4BgpghkgBhv1sAAIEMCow
# KAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCgYIYIZI
# AYb9bAMwHQYDVR0OBBYEFFrEuXsqCqOl6nEDwGD5LfZldQ5YMB8GA1UdIwQYMBaA
# FEXroq/0ksuCMS1Ri6enIZ3zbcgPMA0GCSqGSIb3DQEBCwUAA4IBAQA+7A1aJLPz
# ItEVyCx8JSl2qB1dHC06GsTvMGHXfgtg/cM9D8Svi/3vKt8gVTew4fbRknUPUbRu
# pY5a4l4kgU4QpO4/cY5jDhNLrddfRHnzNhQGivecRk5c/5CxGwcOkRX7uq+1UcKN
# JK4kxscnKqEpKBo6cSgCPC6Ro8AlEeKcFEehemhor5unXCBc2XGxDI+7qPjFEmif
# z0DLQESlE/DmZAwlCEIysjaKJAL+L3J+HNdJRZboWR3p+nRka7LrZkPas7CM1ekN
# 3fYBIM6ZMWM9CBoYs4GbT8aTEAb8B4H6i9r5gkn3Ym6hU/oSlBiFLpKR6mhsRDKy
# ZqHnGKSaZFHvMIIFPTCCBCWgAwIBAgIQBNXcH0jqydhSALrNmpsqpzANBgkqhkiG
# 9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkw
# FwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEy
# IEFzc3VyZWQgSUQgQ29kZSBTaWduaW5nIENBMB4XDTIwMDYyNjAwMDAwMFoXDTIz
# MDcwNzEyMDAwMFowejELMAkGA1UEBhMCUEwxEjAQBgNVBAgMCcWabMSFc2tpZTER
# MA8GA1UEBxMIS2F0b3dpY2UxITAfBgNVBAoMGFByemVteXPFgmF3IEvFgnlzIEVW
# T1RFQzEhMB8GA1UEAwwYUHJ6ZW15c8WCYXcgS8WCeXMgRVZPVEVDMIIBIjANBgkq
# hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7KB3iyBrhkLUbbFe9qxhKKPBYqDBqln
# r3AtpZplkiVjpi9dMZCchSeT5ODsShPuZCIxJp5I86uf8ibo3vi2S9F9AlfFjVye
# 3dTz/9TmCuGH8JQt13ozf9niHecwKrstDVhVprgxi5v0XxY51c7zgMA2g1Ub+3ti
# i0vi/OpmKXdL2keNqJ2neQ5cYly/GsI8CREUEq9SZijbdA8VrRF3SoDdsWGf3tZZ
# zO6nWn3TLYKQ5/bw5U445u/V80QSoykszHRivTj+H4s8ABiforhi0i76beA6Ea41
# zcH4zJuAp48B4UhjgRDNuq8IzLWK4dlvqrqCBHKqsnrF6BmBrv+BXQIDAQABo4IB
# xTCCAcEwHwYDVR0jBBgwFoAUWsS5eyoKo6XqcQPAYPkt9mV1DlgwHQYDVR0OBBYE
# FBixNSfoHFAgJk4JkDQLFLRNlJRmMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAK
# BggrBgEFBQcDAzB3BgNVHR8EcDBuMDWgM6Axhi9odHRwOi8vY3JsMy5kaWdpY2Vy
# dC5jb20vc2hhMi1hc3N1cmVkLWNzLWcxLmNybDA1oDOgMYYvaHR0cDovL2NybDQu
# ZGlnaWNlcnQuY29tL3NoYTItYXNzdXJlZC1jcy1nMS5jcmwwTAYDVR0gBEUwQzA3
# BglghkgBhv1sAwEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQu
# Y29tL0NQUzAIBgZngQwBBAEwgYQGCCsGAQUFBwEBBHgwdjAkBggrBgEFBQcwAYYY
# aHR0cDovL29jc3AuZGlnaWNlcnQuY29tME4GCCsGAQUFBzAChkJodHRwOi8vY2Fj
# ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJlZElEQ29kZVNpZ25p
# bmdDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAmr1sz4ls
# LARi4wG1eg0B8fVJFowtect7SnJUrp6XRnUG0/GI1wXiLIeow1UPiI6uDMsRXPHU
# F/+xjJw8SfIbwava2eXu7UoZKNh6dfgshcJmo0QNAJ5PIyy02/3fXjbUREHINrTC
# vPVbPmV6kx4Kpd7KJrCo7ED18H/XTqWJHXa8va3MYLrbJetXpaEPpb6zk+l8Rj9y
# G4jBVRhenUBUUj3CLaWDSBpOA/+sx8/XB9W9opYfYGb+1TmbCkhUg7TB3gD6o6ES
# Jre+fcnZnPVAPESmstwsT17caZ0bn7zETKlNHbc1q+Em9kyBjaQRcEQoQQNpezQu
# g9ufqExx6lHYDjCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZI
# hvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
# MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz
# dXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVow
# YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290
# IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjww
# IjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J5
# 8soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMH
# hOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6
# Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQ
# ecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4b
# A3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9
# WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCU
# tNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvo
# ZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/J
# vNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCP
# orF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMB
# Af8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXr
# oq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRt
# MGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEF
# BQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl
# ZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdp
# Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgw
# BgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cH
# vZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8
# UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTn
# f+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxU
# jG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8j
# LfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDCCBq4w
# ggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAwYjELMAkG
# A1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
# Z2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4X
# DTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMCVVMxFzAV
# BgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVk
# IEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcN
# AQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh1tKD0Z5M
# om2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+FeoAn39Q7SE
# 2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1decfBmWN
# lCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxndX7RUCyFo
# bjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6Th+xtVhN
# ef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPjQ2OAe3Vu
# JyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6ic/rnH1pslPJSlRErWHRAKKtz
# Q87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JMq++bPf4O
# uGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh3pP+OcD5
# sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8ju2TjY+Cm
# 4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnSDmuZDNIz
# tM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS6
# FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/57qY
# rhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYIKwYB
# BQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20w
# QQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy
# dFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwz
# LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1UdIAQZ
# MBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAfVmO
# wJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp/GnBzx0H
# 6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40BIiXOlWk/
# R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2dfNBwCnzv
# qLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibBt94q6/ae
# sXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7T6NJuXdm
# kfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZAmyEhQNC3
# EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdBeHo46Zzh
# 3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnKcPA3v5gA
# 3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/pNHzV9m8
# BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yYlvZVVCsf
# gPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPwwggbAMIIEqKADAgECAhAMTWly
# S5T6PCpKPSkHgD1aMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRcwFQYD
# VQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBH
# NCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0EwHhcNMjIwOTIxMDAwMDAw
# WhcNMzMxMTIxMjM1OTU5WjBGMQswCQYDVQQGEwJVUzERMA8GA1UEChMIRGlnaUNl
# cnQxJDAiBgNVBAMTG0RpZ2lDZXJ0IFRpbWVzdGFtcCAyMDIyIC0gMjCCAiIwDQYJ
# KoZIhvcNAQEBBQADggIPADCCAgoCggIBAM/spSY6xqnya7uNwQ2a26HoFIV0Mxom
# rNAcVR4eNm28klUMYfSdCXc9FZYIL2tkpP0GgxbXkZI4HDEClvtysZc6Va8z7GGK
# 6aYo25BjXL2JU+A6LYyHQq4mpOS7eHi5ehbhVsbAumRTuyoW51BIu4hpDIjG8b7g
# L307scpTjUCDHufLckkoHkyAHoVW54Xt8mG8qjoHffarbuVm3eJc9S/tjdRNlYRo
# 44DLannR0hCRRinrPibytIzNTLlmyLuqUDgN5YyUXRlav/V7QG5vFqianJVHhoV5
# PgxeZowaCiS+nKrSnLb3T254xCg/oxwPUAY3ugjZNaa1Htp4WB056PhMkRCWfk3h
# 3cKtpX74LRsf7CtGGKMZ9jn39cFPcS6JAxGiS7uYv/pP5Hs27wZE5FX/NurlfDHn
# 88JSxOYWe1p+pSVz28BqmSEtY+VZ9U0vkB8nt9KrFOU4ZodRCGv7U0M50GT6Vs/g
# 9ArmFG1keLuY/ZTDcyHzL8IuINeBrNPxB9ThvdldS24xlCmL5kGkZZTAWOXlLimQ
# prdhZPrZIGwYUWC6poEPCSVT8b876asHDmoHOWIZydaFfxPZjXnPYsXs4Xu5zGcT
# B5rBeO3GiMiwbjJ5xwtZg43G7vUsfHuOy2SJ8bHEuOdTXl9V0n0ZKVkDTvpd6kVz
# HIR+187i1Dp3AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/
# BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEE
# AjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8w
# HQYDVR0OBBYEFGKK3tBh/I8xFO2XC809KpQU31KcMFoGA1UdHwRTMFEwT6BNoEuG
# SWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQw
# OTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQG
# CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKG
# TGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJT
# QTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIB
# AFWqKhrzRvN4Vzcw/HXjT9aFI/H8+ZU5myXm93KKmMN31GT8Ffs2wklRLHiIY1UJ
# RjkA/GnUypsp+6M/wMkAmxMdsJiJ3HjyzXyFzVOdr2LiYWajFCpFh0qYQitQ/Bu1
# nggwCfrkLdcJiXn5CeaIzn0buGqim8FTYAnoo7id160fHLjsmEHw9g6A++T/350Q
# p+sAul9Kjxo6UrTqvwlJFTU2WZoPVNKyG39+XgmtdlSKdG3K0gVnK3br/5iyJpU4
# GYhEFOUKWaJr5yI+RCHSPxzAm+18SLLYkgyRTzxmlK9dAlPrnuKe5NMfhgFknADC
# 6Vp0dQ094XmIvxwBl8kZI4DXNlpflhaxYwzGRkA7zl011Fk+Q5oYrsPJy8P7mxNf
# arXH4PMFw1nfJ2Ir3kHJU7n/NBBn9iYymHv+XEKUgZSCnawKi8ZLFUrTmJBFYDOA
# 4CPe+AOk9kVH5c64A0JH6EE2cXet/aLol3ROLtoeHYxayB6a1cLwxiKoT5u92Bya
# UcQvmvZfpyeXupYuhVfAYOd4Vn9q78KVmksRAsiCnMkaBXy6cbVOepls9Oie1FqY
# yJ+/jbsYXEP10Cro4mLueATbvdH7WwqocH7wl4R44wgDXUcsY6glOJcB0j862uXl
# 9uab3H4szP8XTE0AotjWAQ64i+7m4HJViSwnGWH2dwGMMYIFXTCCBVkCAQEwgYYw
# cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ
# d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk
# IElEIENvZGUgU2lnbmluZyBDQQIQBNXcH0jqydhSALrNmpsqpzANBglghkgBZQME
# AgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEM
# BgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqG
# SIb3DQEJBDEiBCBnX3JFsxFFTEJ/PTp9X55lRR5cWa83s/Zj+tSkPGVLhTANBgkq
# hkiG9w0BAQEFAASCAQAYqnzFR7AfgFHjWEp6hC3QmTf3VQFw5gaXIh85FOyGhdCL
# scpxpoTV169AazGPmCbWobx+SB6hb8VzHrBeH4+DX6MxqJudBcua+TkRUqVMXPht
# eu+hJADauKYf/AtdWIF1+pwDh0ZWLJp6GzrmVea7x52/Y+F8JCGGu0v0BE3qv5cm
# r1pFjgtulvKol2QkYA918XbKjvQn4G/PUL55ElMLbPH89jNbebWQMxmBDRr7yAMN
# EHBWAh+I7b1CtWuPwOMwLpUlgq3v4PW06wFqyD1IeA+ibMhUN3Pm5RyY11FrKi5C
# SnYLQlS1uQJoNkchHdeg8f5rKVQhiYM1/M5MLpufoYIDIDCCAxwGCSqGSIb3DQEJ
# BjGCAw0wggMJAgEBMHcwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0
# LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hB
# MjU2IFRpbWVTdGFtcGluZyBDQQIQDE1pckuU+jwqSj0pB4A9WjANBglghkgBZQME
# AgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
# DTIzMDIwNDE3MzEwM1owLwYJKoZIhvcNAQkEMSIEIKACq8OnIjMwqtWGImYYL06V
# jOmRGffvmV0/QhVh3yuLMA0GCSqGSIb3DQEBAQUABIICAKoj6QI/GSb51SsI/GkF
# YHU114lIr9vD6brcaajRqySvEM94GkrWrZKW4etmHSPjEn+j2qT+bSFvzcLl2fyD
# ru5aMqnYdUlIj0LV+3pBmv0lKEp0/2YZ2KbFu+eo0wtIxeS2uNzD9GkkXpdcFdM+
# NEIaMP7WzugF/57n3vwvv8GNJJKCFZmaH9VCCylZFjBFJ2VXr1RDp70HfOS8F45p
# iqi7YRvvF0rZAiDddtjYOpUfdLlkonmISoCQt6z2ZpXBNdpsdqTGygx7YB7AC8xh
# SyJyWRNLEwu7quBZ5qOTies1wjt4iWNZ1j3r/9EvdhpoohqDyRv7DqFP0LZcOfMc
# SzK1gSipe+qpdrxbgoROqsmJf35JAGt1ONrp5U4LCsQSBpn5c70hikhQZ7tbo8lR
# aolJH1UeLmQAYhCeOdQVqQPxBLEFniUxtPm4bn2E2AFIAsQXYmmPW8AhnRPVckm8
# 25qQJoQZJWCAS/UFkwXW4Jo2Cf1ZzmuFKaCFzPDwGV5iGOvO3GFR5EAnelqpm9jZ
# CtEIvFxmohBLHZ1eQ+E3+U9sYgj2h6SK6010/t8lcUdAYAjVvcAm76SaRIKnX1PQ
# d3H6+a4kKEFJx72oqv3vH45oc5KtPdugATHtHzvirC1rCL+sYGJwoOp5mr0piVx7
# vBXEIMj8YAAijLHEvjj9rHf5
# SIG # End signature block