Change issues with empty SID and Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."#257
Conversation
…1" argument(s): "Some or all identity references could not be translated."
|
Thank you! This is wonderful! I'll review over the weekend. |
|
Oops! Forgot to review. Soon! |
|
It happens 😉 I’m looking forward to your feedback and result! |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a PowerShell translation error that occurs when trying to convert empty or invalid SIDs in a German AD environment. The changes prevent the "Some or all identity references could not be translated" exception by adding proper validation checks.
- Adds SID validation to prevent empty SID processing in Set-RiskRating.ps1
- Adds domain filtering to only process relevant administrators in Find-ESC7.ps1
- Minor documentation formatting change
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Private/Set-RiskRating.ps1 | Adds null check for SID before processing ESC7 issues |
| Private/Find-ESC7.ps1 | Adds domain filtering for admin processing to avoid invalid SIDs |
| Docs/Flowcharts/ESC1.md | Adds blank line at beginning of file |
| $IdentityReferenceObjectClass = Get-ADObject -Filter { objectSid -eq $SID } | Select-Object objectClass | ||
|
|
||
| # Check to make sure $SID isn't null. | ||
| if (!$SID) { |
There was a problem hiding this comment.
The null check logic is inverted. This condition will skip processing when SID is null/empty, but the code inside the block expects to process a valid SID. The condition should be 'if ($SID)' to only process when SID has a value.
| if (!$SID) { | |
| if ($SID) { |
There was a problem hiding this comment.
@mstraessner this one actually seems correct. Can you explain your use of negation here?
There was a problem hiding this comment.
In some customer environments and in my test Active Directory environment, the $SID variable was empty, which caused the translation error.
|
After spending some time reviewing this PR, I am going to send it back to the drawing board. Can you first focus your efforts on updating |
Your ESC analysis script has helped my customer, my company, and me a lot – thank you!
Yesterday, I encountered the following error in a German AD environment:
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
Today I tested it in my demo lab.
I found this:
After applying my changes, the issue was resolved.
I didn’t catch the "CA Unavailable" issue in the script – I didn’t dive too deep into error handling there.