Recycle Bin to SID Mapping for Server 2008
There is a system or user account that is creating large Recycle Bin files on this 2008 Standard server. Unlike Windows 2003, there appears to be no clear way of determining which SID or user account is creating these large files. I need a method to determine which account is creating them.
Walid Gharwal
December 25th, 2011 1:15pm
This should work:
#----------------------------------------------------------------------------------------------------------
function get-NTaccount
#----------------------------------------------------------------------------------------------------------
# From http://www.leadfollowmove.com/archives/powershell/security-identifiers-sids-and-nt-account-name
{
    Param (
        $SID
    )
    # Build a SecurityIdentifier from the SID string and translate it to DOMAIN\user
    $id = New-Object System.Security.Principal.SecurityIdentifier($SID)
    $account = $id.Translate( [System.Security.Principal.NTAccount] )
    return $account
}
#----------------------------------------------------------------------------------------------------------
# -Force is needed because the per-user folders are hidden system items
foreach ($Sid in Get-ChildItem c:\`$Recycle.Bin -Force )
{
    # Pass the folder name (the SID string), not the DirectoryInfo object
    Write-Output "c:\`$Recycle.Bin\$($Sid.Name) is owned by $(get-NTaccount $Sid.Name)"
}
Karl
My Blog: http://unlockpowershell.wordpress.com
My Book: Windows PowerShell 2.0 Bible
My E-mail: -join ("6B61726C6D69747363686B65406D742E6E6574"-split"(?<=\G.{2})",19|%{[char][int]"0x$_"})
December 25th, 2011 1:29pm
I know how to get the account from the SID; the problem is getting the SID. I need to find out how to determine the SIDs associated with the various Recycle Bin files located in the Recycle Bin folder at the root of each drive. In Windows 2003 the SID showed up right next to the file. In Windows Server 2008, there is no apparent SID mapping.
Walid Gharwal
December 25th, 2011 1:43pm
In my case, the folder name IS the SID.
What are you seeing?
Karl
December 25th, 2011 2:57pm
With Windows Server 2003 and Windows XP, the Recycle Bin file name is the SID. However, with Windows Server 2008, the file is only named "Recycle Bin." No other identification or file properties are available - at least via the GUI. Therefore,
the problem of how to identify the SID (User account) responsible for the creation of each Recycle Bin file. Why was it so easily discernible in the previous two operating systems and with Server 2008 it is a mystery?
December 25th, 2011 3:13pm
Did you even TRY my code?
Every Server 2008 box I have seen has sub folders under recycle bin with a SID name, which my code converts into the owner name.
Karl
December 25th, 2011 3:39pm
I ran the script you provided and also checked again in the "$Recycle.Bin" folder.
The provided script does produce results along the lines of outputting lines such as "c:\$Recycle.Bin\S-1-5-21-1885640363 ~\UserAccountName" which is great - except for the fact that no such SIDs - or any SIDs at all - appear anywhere that I can
find within the "$Recycle.Bin" folder.
I have confirmed that all Folder View options relating to not hiding operating system files, or other hidden files or even file extensions are correct. In fact, I would not be able to see the "$Recycle.Bin" folder if the relevant option boxes were
checked.
When I double-click the "$Recycle.Bin" folder at the root of any drive on the server, I see a series of five files or folders all named the same: "Recycle Bin." Double-clicking those items does not produce anything useful either.
I've tried this on several other machines and get the same result - unless the machine is a Windows 2003 server, in which case the SID is located within the $Recycle.Bin folder.
December 25th, 2011 5:46pm
Try
Get-ChildItem c:\`$Recycle.Bin -Force
Karl
December 25th, 2011 5:56pm
The "Get-ChildItem C:\'$Recycle.Bin' -Force" command resolves the issue.
Important note:
It appears that the missing SID information within the Recycle folder is a bug confined to the original or pre-R2 Release version of the Server 2008 operating system.
I was just informed by a colleague who had observed this same issue that he just checked on an R2 machine and on the R2 OS the SIDs appear just as they do in the earlier Server 2003 version.
As an additional note, the pre-R2 versions that I am working with are service packed up through the current Microsoft releases, so it does not appear to be an issue addressed by the monthly patch cycle.
Thank you for your assistance.
December 26th, 2011 12:46am
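An added example, not code from any poster in this thread: it combines the Get-ChildItem -Force listing and the SID-to-account translation discussed above to report how much each account's Recycle Bin holds on every fixed drive, which is what the original question asked for. The function names Resolve-SidName and Get-RecycleBinUsage are hypothetical, and the script assumes PowerShell 2.0 or later and an elevated prompt.

```powershell
# Added example. Run elevated: other users' bin folders are ACL-protected.
function Resolve-SidName {
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # Valid SID, but no account answers to it any more
        return '<unresolved: account deleted or domain unreachable>'
    }
    catch {
        # Folder name was not a well-formed SID string
        return '<not a SID>'
    }
}

function Get-RecycleBinUsage {
    $drives = [System.IO.DriveInfo]::GetDrives() |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }
    foreach ($drive in $drives) {
        $bin = Join-Path $drive.Name '$Recycle.Bin'
        if (-not (Test-Path -LiteralPath $bin)) { continue }
        # -Force lists the hidden per-user folders, whose names are the SIDs
        $folders = Get-ChildItem -LiteralPath $bin -Force |
            Where-Object { $_.PSIsContainer -and $_.Name -like 'S-1-*' }
        foreach ($folder in $folders) {
            # Sum every file under this user's bin; skip unreadable items
            $sum = Get-ChildItem -LiteralPath $folder.FullName -Force -Recurse `
                    -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer } |
                Measure-Object -Property Length -Sum
            New-Object PSObject -Property @{
                Drive   = $drive.Name
                Sid     = $folder.Name
                Account = Resolve-SidName $folder.Name
                SizeMB  = [math]::Round(($sum.Sum / 1MB), 1)
            }
        }
    }
}

# Largest bins first
Get-RecycleBinUsage |
    Sort-Object SizeMB -Descending |
    Select-Object Drive, Account, SizeMB, Sid |
    Format-Table -AutoSize
```

A SID that no longer translates is reported rather than aborting the run, so bins left behind by removed accounts still show up with their size.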