Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Active Directory / How to Convert SID to User/Group Name and User to SID?

July 10, 2019 Active DirectoryPowerShell

How to Convert SID to User/Group Name and User to SID?

In Windows environment, each domain and local user, group and other security objects are assigned a unique identifier — Security Identifier or SID. It is a SID, but not the username, that is used to control access to different resources: network shared folders, registry keys, file system objects, printers, etc. In this article, we’ll show you some simple ways to find the SID of a user or group (Active Directory or local), and the reverse procedure – how to get the name of a Windows user or group by a known SID.

To convert username to SID, you can use the excellent tool from the Sysinternals toolset – PsGetSid. But you have to download and install this tool on each computer manually. An example of usage PsGetSID to get a SID by a user account name:

PsGetSid PC1\jjsmith

To get username by SID use the command:

PsGetSid S-1-5-21-1175651296-1316133944-203321314-1005

In my opinion, the easiest way to convert SID -> Username and Username -> SID is to use the internal Windows CLI tools or simple PowerShell cmdlets:

Contents:
  • How to Find a Local User SID?
  • How to Get SID for an Active Directory User/Group?
  • How to Convert a SID to User/Group Name?
  • Searching Active Directory by SID

How to Find a Local User SID?

To get the SID of the local user account on a current computer, you can use the wmic tool, which allows you to query the computer’s WMI namespace. To get the SID of the local user test_user, you can use the WMIC command:

wmic useraccount where name='test_user' get sid

wmic useraccount where name='test_user' get sid

The command above returned the SID of the specified local user. In this example – S-1-5-21-1175659216-1321616944-201305354-1005.

If you need to get the SID of the current user (under which the command is being executed), run the following command:

wmic useraccount where name='%username%' get sid

Using the two .NET classes System.Security.Principal.SecurityIdentifier and System.Security.Principal.NTAccount you can get the SID of the local user with PowerShell:

$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

How to Get SID for an Active Directory User/Group?

The following command can be used to get a SID of the current domain account:

whoami /user

whoami /user

You can find out the domain user SID using WMIC tool. You must specify your domain name in the following command:

wmic useraccount where (name='jjsmith' and domain=′corp.woshub.com′) get sid

To find the SID of an AD domain user, you can use the Get-ADUser cmdlet that is a part of the Active Directory Module for Windows PowerShell. Get the SID for the jjsmith account:

Get-ADUser -Identity 'jabrams' | select SID

Get-ADUser select SID

You can get the SID of an AD group using the Get-ADGroup cmdlet:

Get-ADGroup -Filter {Name -like "fr-sales-*"} | Select SID

get-adgroup get SID by group name

If the PowerShell AD module is not installed on your computer, you can get the user’s SID from AD domain using the .Net classes mentioned earlier:

$objUser = New-Object System.Security.Principal.NTAccount("corp.woshub.com","jabrams")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

System.Security.Principal.SecurityIdentifier

The same PowerShell one-liner command:

(new-object security.principal.ntaccount “jabrams").translate([security.principal.securityidentifier])

How to Convert a SID to User/Group Name?

To get the name of the user account by the SID (a reverse procedure), you can use one of the following commands:

wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name

You can get the user name by a SID using the AD module for PowerShell:

Get-ADUser -Identity S-1-3-12-12451234567-1234567890-1234567-1434

To find the domain group name by a known SID, use the command:

Get-ADGroup -Identity S-1-5-21-247647651-3965464288-2949987117-23145222

get-adgroup select group by SID

You can also find out the group or user name by SID with the built-in PowerShell classes (without additional modules):

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S S-1-3-12-12451234567-1234567890-1234567-1434")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

Searching Active Directory by SID

If you don’t know what type of AD object a certain SID belongs to and what exact PoSh cmdlet to use to find it (Get-AdUser, Get-ADComputer or Get-ADGroup), you can use the universal method of searching objects in Active Directory domain by a SID using the Get-ADObject cmdlet.

$sid = ‘S-1-5-21-2412346651-123456789-123456789-12345678’
Get-ADObject –IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object name, objectClass

Get-ADObject find Active Directory object by SID

In our case, the AD object with the specified SID is a domain computer (see the objectClass attribute).

4 comments
4
Facebook Twitter Google + Pinterest
previous post
Fix: The Local Print Spooler Service Not Running in Windows 10
next post
How to Upgrade Windows Server 2019/2016 Evaluation to Full Version?

Related Reading

How to Sign a PowerShell Script (PS1) with...

February 25, 2021

Configuring PowerShell Script Execution Policy

February 18, 2021

Configuring Proxy Settings on Windows Using Group Policy...

February 17, 2021

Updating Group Policy Settings on Windows Domain Computers

February 16, 2021

How to Find Inactive Computers and Users in...

January 29, 2021

4 comments

matt smith May 13, 2019 - 3:21 pm

This was very useful, and thank you. I’ve noticed SIDs on files in O365, that are grouped in the format “S——. Additionally, some SIDs have another “2” 10-digit strings appended.

Do you happen to know what these mean? And why some have more groups of numbers than others? Are they group SIDs, perhaps, that are appended? Thanks very much in advance.

Reply
admin May 14, 2019 - 1:29 pm

Perhaps you have in mind not the SIDs, but the SDDL (Security Descriptor Definition Language) file permission format?
Check out the article: http://woshub.com/how-to-backup-and-restore-ntfs-permissions-using-icacls/

Reply
Jon November 4, 2019 - 2:31 pm

Excellent! Showing multiple ways to obtain result. Love the PowerShell one-liner for obtaining “SID from User” and the $objSID + $objUser to obtain the “User from SID” that you shared. Those work for both Local and Domain cross reference!

Reply
Powershell fun – Zewwy's Info Tech Talks March 2, 2020 - 3:00 am

[…] This is gon’ be fun! (Great Source) […]

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Troubleshoot, Repair and Rebuild the WMI Repository?

    March 2, 2021
  • Accessing USB Flash Drive from VMWare ESXi

    February 26, 2021
  • How to Sign a PowerShell Script (PS1) with a Code Signing Certificate?

    February 25, 2021
  • Change the Default Port Number (TCP/1433) for a MS SQL Server Instance

    February 24, 2021
  • How to Shadow (Remote Control) a User’s RDP session on RDS Windows Server 2016/2019?

    February 22, 2021
  • Configuring PowerShell Script Execution Policy

    February 18, 2021
  • Configuring Proxy Settings on Windows Using Group Policy Preferences

    February 17, 2021
  • Updating Group Policy Settings on Windows Domain Computers

    February 16, 2021
  • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10

    February 11, 2021
  • Packet Monitor (PktMon) – Built-in Packet Sniffer in Windows 10

    February 10, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • Get-ADUser: Getting Active Directory Users Info via PowerShell
  • Get-ADComputer: Find Computer Details in Active Directory with PowerShell
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Changing Desktop Background Wallpaper in Windows through GPO
  • How to Refresh AD Groups Membership without Reboot/Logoff?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top