Windows OS Hub

August 27, 2025

How to Convert SID to User/Group Name and User to SID

SID (Security IDentifier) is a unique identifier that is assigned to users, groups, computers, or other security objects when they are created in Windows, an Active Directory domain, or an Entra ID (Azure) tenant. Windows uses the SID, rather than user/group names, to control access to different resources: shared network folders, registry keys, file system objects (NTFS permissions), printers, etc. In this article, we’ll show how to find the SID of a user, group, or computer, as well as the reverse procedure: how to obtain an object name by a known SID.

Contents:
  • What is a Security Identifier (SID) in Windows?
  • How to Find a Local User Security Identifier (SID)
  • How to Get a User or Group SID in Active Directory
  • Getting the Local Machine and Domain SID of a Computer
  • How to Convert a SID to a User or Group Name

What is a Security Identifier (SID) in Windows?

As we mentioned, a SID (security identifier) allows you to uniquely identify a security principal (user, group, or computer) within a certain scope (domain or local computer). The following format is used for the SID string:

S-1-5-21-489056535-1467421822-2524099697-1231

  • S – indicates that this string contains a SID
  • 1 – version number of the identifier (always 1)
  • 5 – authority identifier (5 for NT Authority, 12 for Entra ID, 1 for the Everyone group)
  • 21-489056535-1467421822-2524099697 – this is the unique identifier of the domain that issued the SID. This part will be the same for all objects within the same domain
  • 1231 – the object’s relative security identifier (RID). It starts at 1000 and increases by 1 for each new object. Issued by a domain controller with the FSMO role RID Master.

The SIDs of Active Directory objects are stored in the NTDS.dit database, and the SIDs of local users and groups are in the local Windows Security Account Manager (SAM) database in the HKEY_LOCAL_MACHINE\SAM\SAM registry key. A SID is a unique value within its issuing environment. For example, a local user SID is unique within a computer, while a domain SID is unique within a domain.
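
The breakdown above can be checked against the binary form of a SID (the layout stored in the objectSid attribute). This is an added example, not code from the original article; Split-Sid is a hypothetical helper name, and the output property names are chosen here for illustration.

```powershell
# Added example (not from the original article). Split-Sid is a hypothetical helper name.
function Split-Sid {
    param([Parameter(Mandatory)][string]$SidString)

    # The constructor rejects malformed strings with an ArgumentException
    $sid   = New-Object System.Security.Principal.SecurityIdentifier($SidString)
    $bytes = New-Object byte[] ($sid.BinaryLength)
    $sid.GetBinaryForm($bytes, 0)

    # Binary layout: [0] revision, [1] sub-authority count,
    # [2..7] identifier authority (big-endian), then one little-endian
    # 32-bit value per sub-authority
    [uint64]$authority = 0
    foreach ($b in $bytes[2..7]) { $authority = $authority * 256 + $b }
    $subAuth = @(for ($i = 0; $i -lt $bytes[1]; $i++) {
        [System.BitConverter]::ToUInt32($bytes, 8 + 4 * $i)
    })

    [pscustomobject]@{
        Revision       = $bytes[0]
        Authority      = $authority
        SubAuthorities = $subAuth
        # Issuing domain (or machine) SID; $null for non-account SIDs such as S-1-5-32-544
        DomainSid      = $sid.AccountDomainSid
        Rid            = $subAuth[-1]
        Hex            = [System.BitConverter]::ToString($bytes)
    }
}

# The sample SID from the format description above, then a well-known built-in SID
Split-Sid 'S-1-5-21-489056535-1467421822-2524099697-1231'
Split-Sid 'S-1-5-32-544'
```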

There are so-called Well-known SIDs in Windows. These are the SIDs for built-in users and groups on any Windows computer. For example:

  • S-1-5-32-544 – built-in Administrators group
  • S-1-5-32-545 – local users
  • S-1-5-32-555 – Remote Desktop Users group that is allowed to log in via RDP
  • S-1-5-21-<domain>-500 – built-in Windows administrator account (domain admin)
  • S-1-5-21-<domain>-512 — Domain Admins
  • S-1-5-21-<domain>-513 — Domain Users
  • etc.

In Windows, you can use different tools to convert SID -> Name and Username -> SID: whoami tool, wmic, WMI classes, PowerShell, or third-party utilities.

How to Find a Local User Security Identifier (SID)

You can use the wmic tool to query the computer’s WMI (Windows Management Instrumentation) namespace and get the SID of the local user account. To find the SID of the local user test_user, use the following WMIC command:

wmic useraccount where name='test_user' get sid

The command above returned the SID of the specified local user: S-1-5-21-1175659216-1321616944-201305354-1005.

This command may return an error if the WMI repository is damaged. Follow this guide to repair the WMI repository.

However, starting with Windows 11 24H2 and Windows Server 2025, the wmic command is not installed by default, so you need to use PowerShell commands instead. Retrieve the SID of the user test_user from the WMI namespace using PowerShell (as an alternative to using the wmic command):

(Get-CimInstance -Class win32_userAccount -Filter "name='test_user' and domain='$env:computername'").SID

In the latest versions of PowerShell Core 7.x, you must use Get-CimInstance instead of the Get-WmiObject cmdlet.

Another option is to find out the SID of a local user using the built-in LocalAccounts management PowerShell module:

Get-LocalUser -Name 'test_user' | Select-Object Name, SID

List all local Windows users and their SIDs:

Get-LocalUser | Select-Object Name, SID

Obtain the SID of the current user (under which the command is executed):

Get-LocalUser -Name $env:USERNAME | Select-Object name,sid

Note that the registry stores information about local user profiles on the computer in the ProfileList key with the SID (rather than the username). Thus, the username can be extracted from the registry by its SID:

reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3414967564-123456789-0123456789-1006" /v ProfileImagePath

In the same way, you can get the SID of a group of the local computer:

Get-LocalGroup -Name tstGroup1 | Select-Object Name, SID

On older versions of Windows, you can also use the .NET classes System.Security.Principal.SecurityIdentifier and System.Security.Principal.NTAccount to get the user’s SID via PowerShell:

$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

How to Get a User or Group SID in Active Directory

Use the following command to obtain a SID for your current domain account:

whoami /user

You can also view the user’s SID in the Attribute Editor tab of the user’s properties in the graphical ADUC snap-in (dsa.msc). Check the value of the objectSid property.

The WMIC tool can be used to obtain the SID of an Active Directory domain user. In this case, the domain name must be specified in the command:

wmic useraccount where (name='jjsmith' and domain='corp.woshub.com') get sid

However, the WMIC command has been deprecated. It is therefore better to use the Get-ADUser cmdlet (part of the Active Directory Module for Windows PowerShell) to obtain the SID of a domain user. Let’s get the SID for the jabrams domain user account:

Get-ADUser -Identity 'jabrams' | select SID

You can use the Get-ADGroup cmdlet to get the SID of an AD security group.

Get-ADGroup -Filter {Name -like "fr-sales-*"} | Select SID

If the PowerShell AD module is not installed on a computer, you can get the user’s SID from the AD domain using the .NET classes mentioned earlier:

$objUser = New-Object System.Security.Principal.NTAccount("corp.woshub.com","jabrams")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value

The same PowerShell one-liner:

(new-object security.principal.ntaccount "jabrams").translate([security.principal.securityidentifier])

Getting the Local Machine and Domain SID of a Computer

If a Windows computer is joined to an Active Directory domain, it will have two different SIDs. The first SID is the local computer identifier, or Machine SID. The second is the unique computer object security identifier in AD.

You can get the SID of a computer in the Active Directory domain using the command:

Get-ADComputer mun-rds1 -properties sid|select name,sid

The SID of the local computer (Machine SID) can be obtained using the PsGetSID tool (https://docs.microsoft.com/en-us/sysinternals/downloads/psgetsid).

.\PsGetsid64.exe

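Or (even simpler), by trimming the RID from the SID of a local account. For the built-in Administrator account the RID is 500, so removing the last 4 characters (-500) of its SID leaves the Machine SID: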

$user=(Get-LocalUser Administrator).sid
$user -replace ".{4}$"

When cloning computers in a domain (or deploying them from a template), it is recommended to reset their local Machine SID using the sysprep tool. Computers within a domain cannot have the same domain SID because otherwise the trust relationship between the workstation and the domain will break.

How to Convert a SID to a User or Group Name

Another common scenario is when you need to find the name of a user or group from a known SID (the reverse procedure). For example, a group member list may display the SIDs of objects instead of their names.

This typically happens if the object was deleted or if there are problems connecting to the domain controller.

To find the user account name by the known SID (a reverse procedure), use one of the following commands:

wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name

You can also find out the group or user name by SID with the built-in PowerShell classes (without using additional modules):

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-3-12-12451234567-1234567890-1234567-1434")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value

When searching for objects by a known SID in an AD domain, it is better to use the Get-ADObject cmdlet. This is a universal method for searching objects in the Active Directory domain by SID when you don’t know the type of AD object to which the SID belongs or which cmdlet to use to find it (Get-AdUser, Get-ADComputer, or Get-ADGroup):

$sid = 'S-1-5-21-2412346651-123456789-123456789-12345678'
Get-ADObject -IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object name, objectClass

The IncludeDeletedObjects parameter allows you to search for deleted objects in the Active Directory Recycle Bin.

In our case, the AD object with the specified SID is a domain computer (see the objectClass attribute).
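
The .NET translation shown earlier throws when a SID cannot be mapped, which is the deleted-object or unreachable-domain-controller case described above. The following added example (not part of the original article) resolves a batch of SIDs and reports which ones fail; Resolve-SidName is a hypothetical helper name, the input SIDs are constructed, and the folder used for the ACL check is only an illustration.

```powershell
# Added example (not from the original article). Resolve-SidName is a hypothetical helper name.
function Resolve-SidName {
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Sid)
    process {
        foreach ($s in $Sid) {
            $name = $null
            try {
                $obj    = New-Object System.Security.Principal.SecurityIdentifier($s)
                $name   = $obj.Translate([System.Security.Principal.NTAccount]).Value
                $status = 'Resolved'
            }
            catch {
                # PowerShell may wrap the .NET exception, so inspect the innermost one
                $inner  = $_.Exception.GetBaseException()
                $status = if ($inner -is [System.Security.Principal.IdentityNotMappedException]) {
                    'Unmapped'      # deleted object, or no DC/trust could answer
                } elseif ($inner -is [System.ArgumentException]) {
                    'Malformed'     # not a valid SID string
                } else {
                    "Error: $($inner.Message)"
                }
            }
            [pscustomobject]@{ Sid = $s; Name = $name; Status = $status }
        }
    }
}

# Constructed input: a well-known SID, a made-up domain SID, and a broken string
'S-1-5-32-544', 'S-1-5-21-1111111111-2222222222-3333333333-1234', 'S-1-5-x' | Resolve-SidName

# Same check over a folder ACL: list access entries whose SID no longer maps to an account
$acl = Get-Acl -Path $env:ProgramData
$acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique |
    Resolve-SidName | Where-Object Status -ne 'Resolved'
```

Entries reported as Unmapped on a domain-joined machine are worth rechecking once a domain controller is reachable before treating them as orphaned.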


5 comments

matt smith May 13, 2019 - 3:21 pm

This was very useful, and thank you. I’ve noticed SIDs on files in O365, that are grouped in the format “S——. Additionally, some SIDs have another “2” 10-digit strings appended.

Do you happen to know what these mean? And why some have more groups of numbers than others? Are they group SIDs, perhaps, that are appended? Thanks very much in advance.

admin May 14, 2019 - 1:29 pm

Perhaps you have in mind not the SIDs, but the SDDL (Security Descriptor Definition Language) file permission format?
Check out the article: https://woshub.com/how-to-backup-and-restore-ntfs-permissions-using-icacls/

Jon November 4, 2019 - 2:31 pm

Excellent! Showing multiple ways to obtain result. Love the PowerShell one-liner for obtaining “SID from User” and the $objSID + $objUser to obtain the “User from SID” that you shared. Those work for both Local and Domain cross reference!

GTech May 16, 2022 - 3:49 pm

Use this post at work, thank you.
Another command that could be added to the post is a simple command to see your own domain User SID using the whoami command like this at a command prompt: whoami /user .

Abhijit January 19, 2024 - 2:11 am

Fantastic, works like a charm.
Thank you
