How to Convert SID to User/Group Name and User to SID?

In a Windows environment, every domain and local user, group and other security object is assigned a unique identifier: the Security Identifier, or SID. It is the SID, not the username, that is used to control access to different resources: network shared folders, registry keys, file system objects, printers, and so on. In this article we'll show you some simple ways to find the SID of a user or group (Active Directory or local), and the reverse procedure: how to get the name of a Windows user or group by a known SID.

To convert a username to a SID, you can use the excellent tool from the Sysinternals toolset, PsGetSid. But you have to download and install this tool on each computer manually. An example of using PsGetSid to get a SID by a user account name:

PsGetSid PC1\jjsmith

To get the username by SID, use the command:

PsGetSid S-1-5-21-1175651296-1316133944-203321314-1005

In my opinion, the best way to convert SID -> Username and Username -> SID is to use the built-in Windows CLI tools or simple PowerShell cmdlets:

How to Find a Local User SID?

To get the SID of a local user account on the current computer, you can use the wmic tool, which allows you to query the computer's WMI namespace. To get the SID of the local user test_user, use the WMIC command:

wmic useraccount where name='test_user' get sid

The command above returned the SID of the specified local user. In this example: S-1-5-21-1175659216-1321616944-201305354-1005.

If you need to get the SID of the current user (under which the command is executed), run the following command:

wmic useraccount where name='%username%' get sid

Using the two .NET classes System.Security.Principal.SecurityIdentifier and System.Security.Principal.NTAccount, you can get the SID of the local user with PowerShell:

$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

How to Get SID for an Active Directory User/Group?

The following command can be used to get the SID of the current domain account:

whoami /user

You can find out the domain user SID using the WMIC tool. You must specify your domain name in the following command:

wmic useraccount where (name='jjsmith' and domain='') get sid

To find the SID of an AD domain user, you can use the Get-ADUser cmdlet that is part of the Active Directory Module for Windows PowerShell. Get the SID for the jjsmith account:

Get-ADUser -Identity 'jjsmith' | select SID

You can get the SID of an AD group using the Get-ADGroup cmdlet (GROUP_NAME is a placeholder for the name of your group):

Get-ADGroup -Filter "Name -eq 'GROUP_NAME'" | Select SID

If the PowerShell AD module is not installed on your computer, you can get the user's SID from the AD domain using the .NET classes mentioned earlier:

$objUser = New-Object System.Security.Principal.NTAccount("","jabrams")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

The same PowerShell one-liner command:

(new-object security.principal.ntaccount "jabrams").translate([security.principal.securityidentifier])

How to Convert a SID to User/Group Name?

To get the name of the user account by the SID (the reverse procedure), you can use one of the following commands:

wmic useraccount where sid='S-1-3-12-12451234567-1234567890-1234567-1434' get name

You can get the username by a SID using the AD module for PowerShell:

Get-ADUser -Identity S-1-3-12-12451234567-1234567890-1234567-1434

To find the domain group name by a known SID, use the command:

Get-ADGroup -Identity S-1-5-21-247647651-3965464288-2949987117-23145222

You can also find out the group or user name by SID with the built-in PowerShell classes (without additional modules):

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-3-12-12451234567-1234567890-1234567-1434")
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])
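
The two-way translation described above, as an added example that is not part of the original article: Resolve-Identity is a hypothetical helper name, and it detects whether the input is a SID or an account name, translates it with the same two .NET classes, and reports identities that cannot be mapped instead of stopping on the exception. The sample identities are constructed, and BUILTIN\Administrators assumes an English-language Windows installation.

```powershell
# Added example: Resolve-Identity is a hypothetical helper, not a built-in cmdlet.
function Resolve-Identity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity
    )
    process {
        # Treat the input as a SID only if it has the S-1-<authority>-<sub-authorities> shape
        $isSid = $Identity -match '^S-1-\d+(-\d+)+$'
        try {
            if ($isSid) {
                # SID -> account name
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($Identity)
                $account = $sid.Translate([System.Security.Principal.NTAccount])
            }
            else {
                # Account name -> SID
                $account = New-Object System.Security.Principal.NTAccount($Identity)
                $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
            }
            [pscustomobject]@{
                Input    = $Identity
                Name     = $account.Value
                SID      = $sid.Value
                Resolved = $true
            }
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            # Translate() throws this when the name or SID cannot be mapped,
            # for example a deleted account, an unreachable domain or a typo.
            [pscustomobject]@{
                Input    = $Identity
                Name     = if ($isSid) { $null } else { $Identity }
                SID      = if ($isSid) { $Identity } else { $null }
                Resolved = $false
            }
        }
    }
}

# Constructed sample input: two well-known identities and a made-up SID that should not resolve
'S-1-5-18', 'BUILTIN\Administrators', 'S-1-5-21-1111111111-2222222222-3333333333-9999' |
    Resolve-Identity | Format-Table -AutoSize
```

Rows with Resolved set to False are the ones to follow up, since a SID that no longer maps to a name usually belongs to an account that has been deleted or to a domain that cannot be reached.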

Searching Active Directory by SID

If you don't know what type of AD object a certain SID belongs to and which exact PowerShell cmdlet to use to find it (Get-ADUser or Get-ADGroup), you can use the universal method of searching for objects in the Active Directory domain by a SID using the Get-ADObject cmdlet.

$sid = 'S-1-5-21-2412346651-123456789-123456789-12345678'
Get-ADObject -IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object name, objectClass

In our case, the AD object with the specified SID is a domain computer (see the objectClass attribute).
