PowershellWindows

How to Convert SID to User/Group Name and User to SID?

By October 30, 2019No Comments

In Windows environment, each domain and local user, group and other security objects are assigned a unique identifier — Security Identifier or SID. It is an SID, but not the username, is used to control access to different resources: network shared folders, registry keys, file system objects, printers, etc. In this article we’ll show you some simple ways to find the SID of a user or group (Active Directory or local), and the reverse procedure – how to get the name of a Windows user or group by a known SID.To convert username to SID, you can use the excellent tool from the Sysinternals toolset – PsGetSid. But you have to download and install this tool on each computer manually. An example of usage PsGetSID to get a SID by a user account name:

PsGetSid PC1\jjsmith

To get username by SID use the command:

PsGetSid S-1-5-21-1175651296-1316133944-203321314-1005

In my opinion, the easiest way to convert SID -> Username and Username -> SID is to use the internal Windows CLI tools or simple PowerShell cmdlets:

How to Find a Local User SID?

To get the SID of the local user account on a current computer, you can use the wmic tool, which allows you to query the computer’s WMI namespace. To get the SID of the local user test_user, you can use the WMIC command:

wmic useraccount where name='test_user' get sid

wmic useraccount where name='test_user' get sid

The command above returned the SID of the specified local user. In this example – S-1-5-21-1175659216-1321616944-201305354-1005.

If you need to get the SID of the current user (under which the command is executed), run the following command:

wmic useraccount where name='%username%' get sid

Using the two .NET classes System.Security.Principal.SecurityIdentifier and System.Security.Principal.NTAccount you can get the SID of the local user with PowerShell:

$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

How to Get SID for an Active Directory User/Group?

The following command can be used to get a SID of the current domain account:

whoami /user

whoami /user

You can find out the domain user SID using WMIC tool. You must specify your domain name in the following command:

wmic useraccount where (name='jjsmith' and domain=′corp.woshub.com′) get sid

To find the SID of an AD domain user, you can use the Get-ADUser cmdlet that is part of the Active Directory Module for Windows PowerShell. Get the SID for the jjsmith account:

Get-ADUser -Identity 'jabrams' | select SID

Get-ADUser select SID

You can get the SID of an AD group using the Get-ADGroup cmdlet:

Get-ADGroup -Filter {Name -like "fr-sales-*"} | Select SID

get-adgroup get SID by group name

If the PowerShell AD module is not installed on your computer, you can get the user’s SID from AD domain using the .Net classes mentioned earlier:

$objUser = New-Object System.Security.Principal.NTAccount("corp.woshub.com","jabrams")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

System.Security.Principal.SecurityIdentifier

The same PowerShell one-liner command:

(new-object security.principal.ntaccount “jabrams").translate([security.principal.securityidentifier])

How to Convert a SID to User/Group Name?

To get the name of the user account by the SID (a reverse procedure), you can use one of the following commands:

wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name

You can get the user name by a SID using the AD module for PowerShell:

Get-ADUser -Identity S-1-3-12-12451234567-1234567890-1234567-1434

To find the domain group name by a known SID, use the command:

Get-ADGroup -Identity S-1-5-21-247647651-3965464288-2949987117-23145222

get-adgroup select group by SID

You can also find out the group or user name by SID with the built-in PowerShell classes (without additional modules):

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S S-1-3-12-12451234567-1234567890-1234567-1434")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

Searching Active Directory by SID

If you don’t know what type of AD object a certain SID belongs to and what exact PoSh cmdlet to use to find it (Get-AdUser, Get-ADComputer or Get-ADGroup), you can use the universal method of searching objects in Active Directory  domain ba a SID using the Get-ADObject cmdlet.

$sid = ‘S-1-5-21-2412346651-123456789-123456789-12345678’
Get-ADObject –IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object name, objectClass

Get-ADObject find Active Directory object by SID

In our case, the AD object with the specified SID is a domain computer (see the objectClass attribute).

Leave a Reply