icacls reusing old SID

[mafiatfc]

I have made a webpage for creating Active Directory users.  The page makes the user in AD then uses icacls on a share to give that new user rights to the home directory.  When the user and their home directory is deleted from active directory and recreated with the same name it obviously has a new SID.  When the page goes through its code it appears that icacls uses the SID that was previously used therefore the user cant save to their home directory because they have the wrong permissions.

 

Now, if I disable the icacls portion of the PHPpage and just have it create a user and then type in the icacls command manually in cmd.exe it finds the correct SID.

 

This is the line from the page:

$output = shell_exec("icacls \\\\dc\\share\\" . $username . " /grant " . $adDomainShort . "\\" . $username . ":(OI)(CI)(M)") or die("cacles died");

 

Is there a way to make the page get the current SID instead of the old one from the previously deleted user?

 

 

[mafiatfc]

I managed to fix the problem.  Instead of using icacls the way I was using it above, I have taken the user's SID from Active Directory upon creation and used the SID in icacls.