Every object in Active Directory has a security identifier (SID). It is a combination of numbers that is attached to any object, such as a user, which states the permissions of that user. It tells the computer what that object is and is not allowed to do. When an object is deleted, however, the SID remains. SIDCleaner removes that remaining SID.
But what happens to the SID if an object is deleted? What if a user decides to quit the company? Even if you delete the user from Active Directory, the SID remains. It becomes a SID that does not reference anything. In other words, it is just garbage taking up space.
Even worse, the SID history attached to the SID remains. This can create a huge security hole in an environment. If someone finds a way to fetch the SID and SID history of an object, they can enter the environment and do anything that the deleted object had permission to do.
How does SIDCleaner work?
SIDCleaner goes into your Active Directory and looks around for any SIDs without any reference point. If it finds any SIDs not connected to any object, it will simply go ahead and delete the SID and its history.
This will free up space on your machine and make your environment more organized. Most importantly, it will prevent anyone from using your SID history to launch an attack on your environment.
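The search for SIDs that no longer point at an object can be illustrated with a report-only PowerShell scan of directory ACLs. This is an added example, not SIDCleaner's own code; it assumes the RSAT ActiveDirectory module on a domain-joined host, and the function name, the OU-only filter and the default search base are choices made for the illustration.

```powershell
# Added example: report-only scan for ACEs whose SID no longer resolves.
# Assumptions: RSAT ActiveDirectory module, domain-joined host, read access
# to the directory. Nothing is modified or deleted.
Import-Module ActiveDirectory

function Find-UnresolvedSidAce {
    param(
        # Hypothetical default scope: the current domain's naming context.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName,
        # Assumption: only OUs are scanned, to keep the run short.
        [string]$LdapFilter = '(objectClass=organizationalUnit)'
    )

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $ntType  = [System.Security.Principal.NTAccount]
    $cache   = @{}   # SID string -> $true if it resolves to an account

    Get-ADObject -SearchBase $SearchBase -LDAPFilter $LdapFilter | ForEach-Object {
        $dn  = $_.DistinguishedName
        $acl = Get-Acl -Path "AD:\$dn"

        # Explicit ACEs only, so an inherited entry is not repeated on every child.
        foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
            $sid = $ace.IdentityReference
            if (-not $cache.ContainsKey($sid.Value)) {
                try {
                    [void]$sid.Translate($ntType)
                    $cache[$sid.Value] = $true
                } catch [System.Security.Principal.IdentityNotMappedException] {
                    $cache[$sid.Value] = $false   # no account maps to this SID
                }
            }
            if (-not $cache[$sid.Value]) {
                [pscustomobject]@{
                    Object = $dn
                    Sid    = $sid.Value
                    Rights = $ace.ActiveDirectoryRights
                    Type   = $ace.AccessControlType
                }
            }
        }
    }
}

Find-UnresolvedSidAce | Sort-Object Sid, Object | Format-Table -AutoSize
```

A SID can also fail to resolve because it belongs to a trusted domain that is unreachable at scan time, so each reported entry should be confirmed as orphaned before any cleanup.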
For more information on how this tool works, watch the following instructional video:
How do I get SIDCleaner?