Remove Orphaned SIDs with PowerShell
An orphaned SID is an ACL entry whose underlying user, group, or computer was deleted but the access control entry was left behind. They show up as raw S-1-5-21-... numbers on the Security tab of AD objects and clutter audit reports without breaking access control. This article ships a complete RemoveOrphanedSID-AD.ps1 PowerShell script that recursively walks AD objects, identifies ACEs whose IdentityReference is a domain-prefixed SID that no longer resolves, and either lists or removes them. Includes the two-pass workflow (list, then remove), the -WhatIf dry-run mode, the AD: PowerShell drive provider details, why RemoveAccessRuleSpecific is the right method, and the common pitfalls (running -Remove first, scoping to forest before testing on one OU, confusing this with file-system ACL cleanup).