Home / Solution / How to Convert SID to User/Group Name and User to SID?

How to Convert SID to User/Group Name and User to SID?

In Windows setting, every area and native person, group and different safety objects are assigned a novel identifier — Security Identifier or SID. It is an SID, however not the username, is used to management entry to totally different assets: community shared folders, registry keys, file system objects, printers, and so on. In this text we’ll present you some easy methods to discover the SID of a person or group (Active Directory or native), and the reverse process – how to get the title of a Windows person or group by a identified SID.

To convert username to SID, you should use the wonderful software from the Sysinternals toolset – PsGetSid. But you may have to obtain and set up this software on every pc manually. An instance of utilization PsGetSID to get a SID by a person account title:

PsGetSid PC1jjsmith

To get username by SID use the command:

PsGetSid S-1-5-21-1175651296-1316133944-203321314-1005

In my opinion, the best method to convert SID -> Username and Username -> SID is to use the interior Windows CLI instruments or easy PowerShell cmdlets:

How to Find a Local User SID?

To get the SID of the native person account on a present pc, you should use the wmic software, which permits you to question the pc’s WMI namespace. To get the SID of the native person test_user, you should use the WMIC command:

wmic useraccount the place title='test_user' get sid

The command above returned the SID of the desired native person. In this instance – S-1-5-21-1175659216-1321616944-201305354-1005.

If you want to get the SID of the present person (below which the command is executed), run the next command:

wmic useraccount the place title='%username%' get sid

Using the 2 .NET courses System.Security.Principal.SecurityIdentifier and System.Security.Principal.NTAccount you may get the SID of the native person with PowerShell:

$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

How to Get SID for an Active Directory User/Group?

The following command can be utilized to get a SID of the present area account:

whoami /person

You can discover out the area person SID utilizing WMIC software. You should specify your area title within the following command:

wmic useraccount the place (title='jjsmith' and area=′corp.woshub.com′) get sid

To discover the SID of an AD area person, you should use the cmdlet that’s a part of the Active Directory Module for Windows PowerShell. Get the SID for the jjsmith account:

Get-ADUser -Identity 'jabrams' | choose SID

You can get the SID of an AD group utilizing the cmdlet:

Get-ADGroup -Filter | Select SID

If the PowerShell AD module isn’t put in in your pc, you may get the person’s SID from AD area utilizing the .Net courses talked about earlier:

$objUser = New-Object System.Security.Principal.NTAccount("corp.woshub.com","jabrams")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])

The identical PowerShell one-liner command:

(new-object safety.principal.ntaccount “jabrams").translate([security.principal.securityidentifier])

How to Convert a SID to User/Group Name?

To get the title of the person account by the SID (a reverse process), you should use one of many following instructions:

wmic useraccount the place sid='S-1-Three-12-12451234567-1234567890-1234567-1434' get title

You can get the person title by a SID utilizing the AD module for PowerShell:

Get-ADUser -Identity S-1-Three-12-12451234567-1234567890-1234567-1434

To discover the area group title by a identified SID, use the command:

Get-ADGroup -Identity S-1-5-21-247647651-3965464288-2949987117-23145222

You also can discover out the group or person title by SID with the built-in PowerShell courses (with out extra modules):

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S S-1-Three-12-12451234567-1234567890-1234567-1434")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])

Searching Active Directory by SID

If you don’t know what kind of AD object a sure SID belongs to and what precise PoSh cmdlet to use to discover it (Get-AdvertUser, or Get-ADGroup), you should use the common methodology of looking out objects in Active Directory  area ba a SID utilizing the Get-ADObject cmdlet.

$sid = ‘S-1-5-21-2412346651-123456789-123456789-12345678’
Get-ADObject –IncludeDeletedObjects -Filter "objectSid -eq '$sid'" | Select-Object title, objectClass

In our case, the AD object with the desired SID is a site pc (see the objectClass attribute).

Check Also

Managing Microsoft Office Settings with GPO Administrative Templates

To centrally handle the settings of Microsoft Office applications (Word, Excel. Outlook, Visio, PowerPoint, and …

Leave a Reply

Your email address will not be published. Required fields are marked *