When running SharpHound from a non-domain-joined Windows machine using supplied credentials, if target objects in the domain contain unresolvable SIDs (e.g., due to stale entries from broken two-way trusts), the tool repeatedly attempts to resolve them.
- SharpHound Version: 2.6.5
- SharpHoundCommon Version: 4.2.6
- Command : SharpHound -c DCOnly --ldapusername domainuser@ludus.domain --ldappassword ******** -d ludus.domain -v 1 --skipportcheck --disablecertverification --disablesigning --domaincontroller ludus.domain
- The machine executing SharpHound is not joined to the domain
- Some AD objects contain SIDs from a previously trusted domain (e.g., due to removed two-way trust)
- An unresolvable SID (from a previously trusted domain) was present on many AD objects.
- Total object count is large (e.g., 500,000+ objects)
- non-domain-joined
- domain-joined
- SharpHound attempts to resolve unknown or external SIDs via `DirectoryContext` using `GetDomain(...)`
- Each failed resolution logs:

```
System.DirectoryServices.ActiveDirectory.ActiveDirectoryOperationException: Current security context is not associated with an Active Directory domain or forest.
```
| Scenario | Cache | Execution Time |
|---|---|---|
| Domain-joined host | ❌ / ✅ | 13 mins |
| Non-domain host, same creds | ✅ | 30 mins |
| Non-domain host, same creds | ❌ | 90 mins |
Is it possible to add an unresolvable-SID cache to avoid repeated requests, or to disable the attempt to resolve unresolvable SIDs?
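As an added illustration of the cache being asked for (this is example code written for this issue, not SharpHound's or SharpHoundCommon's own implementation), the wrapper below memoizes both successful lookups and definitive failures. It goes one step further than a per-SID negative cache: because every SID from a removed trust shares the same domain SID prefix, it also records the domain of a failed lookup and short-circuits all later SIDs from that domain without touching the backend. The `resolve` delegate, the `CachingSidResolver` name, and the sample SIDs `S-1-5-21-1-1-1` / `S-1-5-21-9-9-9` are assumptions made for the example; the real SharpHound lookup path via `DirectoryContext`/`GetDomain(...)` is not reproduced. Catching `ActiveDirectoryOperationException` assumes a reference to the `System.DirectoryServices` assembly.

```csharp
// Example only: a negative cache for SID resolution, not SharpHound code.
// Assumed: 'resolve' is any SID -> account-name lookup that throws when the
// SID cannot be resolved from the current security context.
using System;
using System.Collections.Generic;
using System.DirectoryServices.ActiveDirectory;
using System.Security.Principal;

public sealed class CachingSidResolver
{
    private readonly Func<SecurityIdentifier, string> _resolve;
    private readonly Dictionary<string, string> _resolved = new Dictionary<string, string>();
    private readonly HashSet<string> _unresolvable = new HashSet<string>();   // per-SID negative cache
    private readonly HashSet<string> _deadDomains = new HashSet<string>();    // per-domain negative cache
    public int BackendCalls { get; private set; }

    public CachingSidResolver(Func<SecurityIdentifier, string> resolve) => _resolve = resolve;

    public bool TryResolve(string sidString, out string name)
    {
        var sid = new SecurityIdentifier(sidString);
        string key = sid.Value;

        if (_resolved.TryGetValue(key, out name)) return true;
        if (_unresolvable.Contains(key)) return false;

        // Once one SID from a domain has failed with "not associated with a domain or
        // forest", every sibling SID from that domain will fail identically: skip it.
        string domainSid = sid.AccountDomainSid?.Value;
        if (domainSid != null && _deadDomains.Contains(domainSid))
        {
            _unresolvable.Add(key);
            return false;
        }

        try
        {
            BackendCalls++;
            name = _resolve(sid);
            _resolved[key] = name;
            return true;
        }
        // Only cache failures that mean "this context cannot resolve this SID".
        // Transient errors (timeouts, network) are deliberately NOT cached here.
        catch (Exception ex) when (ex is IdentityNotMappedException
                                   || ex is ActiveDirectoryOperationException)
        {
            _unresolvable.Add(key);
            if (domainSid != null) _deadDomains.Add(domainSid);
            return false;
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data: S-1-5-21-1-1-1 stands in for the live domain,
        // S-1-5-21-9-9-9 for a domain whose two-way trust was removed.
        const string live = "S-1-5-21-1-1-1";
        const string stale = "S-1-5-21-9-9-9";

        // Stub backend: resolves live-domain SIDs, throws for the stale domain.
        Func<SecurityIdentifier, string> stub = sid =>
            sid.AccountDomainSid.Value == live
                ? "LUDUS\\rid-" + sid.Value.Substring(sid.Value.LastIndexOf('-') + 1)
                : throw new IdentityNotMappedException("SID from removed trust");

        var resolver = new CachingSidResolver(stub);
        var sids = new List<string>();
        for (int i = 0; i < 1000; i++)
        {
            sids.Add($"{live}-{1000 + i}");
            sids.Add($"{stale}-{1000 + i}");
        }

        int ok = 0, failed = 0;
        foreach (string s in sids)
        {
            if (resolver.TryResolve(s, out _)) ok++; else failed++;
        }

        // Without the cache the stub would be hit 2000 times; with the domain-level
        // negative cache the stale domain is probed once and then skipped.
        Console.WriteLine($"resolved={ok} unresolvable={failed} backendCalls={resolver.BackendCalls}");
    }
}
```

The domain-level short circuit is what turns the cost from "one failed lookup per ACE" into "one failed lookup per dead trust", which is the difference the timing table above is measuring. The trade-off is that a failure must be final for the whole run: if the tool ever retries with different credentials or from a different host, the negative cache has to be discarded rather than persisted with the positive one.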