Windows SID

A Windows security identifier (SID) is a unique, variable-length value used to identify a trustee. Each account has a unique SID issued by an authority, such as a Windows domain controller, and stored in a security database.

To get the SID for an account, we can use the normal Windows command line or Windows PowerShell.

Below are some examples of how we can get the SID of a user or group.

Windows Command Line:

  1. Get SID for the logged-in domain user:
     1. Using the whoami command

command:
whoami /user

example:
whoami /user

USER INFORMATION
----------------
User Name                SID
======================== =============================================
AD-testdomain\testuser1  S-1-5-21-25434348-1744911521-1031210941-64275

     2. Using the wmic command

command:
wmic useraccount where name='%username%' get sid

example: (Assuming the logged-in user is "testuser1")
wmic useraccount where name='%username%' get sid
SID
S-1-5-21-25434348-1744911521-1031210941-64275

  2. Get SID for domain users:
     1. Using the wmic command without specifying the domain

command:
wmic useraccount where name='username' get sid

example:
wmic useraccount where name='testuser1' get sid
SID
S-1-5-21-25434348-1744911521-1031210941-64275

     2. Using the wmic command with the domain variable specified

command:
wmic useraccount where (name='username' and domain='%userdomain%') get name,sid

example:
wmic useraccount where (name='testuser1' and domain='%userdomain%') get name,sid
Name           SID
testuser1   S-1-5-21-25434348-1744911521-1031210941-64275

  3. Get SID for local users:
     1. Using the wmic command without specifying the computer account

command:
wmic useraccount where name='username' get sid

example:
wmic useraccount where name='testuser1' get sid
SID
S-1-5-21-25434348-1744911521-1031210941-64275

     2. Using the wmic command with the computer account specified

command:
wmic useraccount where (name='useraccount' and domain='%computername%') get name,sid

example:
wmic useraccount where (name='localtestuser' and domain='%computername%') get name,sid
Name                    SID
localtestuser        S-1-5-21-2995956899-2603052268-3747274283-500

  4. Get the account name of a SID for a domain user:

Using the wmic command:

command:
wmic useraccount where sid='sidnumber' get name

example:
wmic useraccount where sid='S-1-5-21-25434348-1744911521-1031210941-64275' get name
Name
testuser1

PowerShell Command line:

  1. Get SID of Local or Domain Users:

command:
$AdObj = New-Object System.Security.Principal.NTAccount("useraccount")
$strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
Note: if an identical account exists on both the local machine and the domain, the output will be the local machine user account.

example:
PS C:\> $AdObj = New-Object System.Security.Principal.NTAccount("testuser1")
PS C:\> $strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
PS C:\> $strSID.Value
S-1-5-21-25434348-1744911521-1031210941-64275

  2. Get SID of local or domain groups:

command:
PS C:\> $AdObj = New-Object System.Security.Principal.NTAccount("Groupname")
PS C:\> $strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
PS C:\> $strSID.Value
Note: if an identical group account exists on both the local machine and the domain, the output will be the local machine group account.

example:
PS C:\> $AdObj = New-Object System.Security.Principal.NTAccount("Isilon_Global_Group")
PS C:\> $strSID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
PS C:\> $strSID.Value
S-1-5-21-25434348-1744911521-1031210941-65609
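
The notes above say that an unqualified name resolves to the local account when the same name exists both locally and in the domain. The following is an added example, not part of the original page: a hypothetical helper named Resolve-Trustee that wraps the same Translate calls, accepts either a qualified name (DOMAIN\name or COMPUTER\name) or a SID string, resolves in both directions, and warns on unmapped identities instead of throwing. The sample inputs at the end are constructed.

```powershell
# Added example: Resolve-Trustee is a hypothetical helper name, not a built-in cmdlet.
function Resolve-Trustee {
    [CmdletBinding()]
    param(
        # 'DOMAIN\name', 'COMPUTER\name', a bare name, or an 'S-1-...' SID string
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Identity
    )
    process {
        try {
            if ($Identity -cmatch '^S-1-\d+(-\d+)+$') {
                # SID string -> account name
                $sid     = New-Object System.Security.Principal.SecurityIdentifier($Identity)
                $account = $sid.Translate([System.Security.Principal.NTAccount])
            }
            else {
                # Account name -> SID
                $account = New-Object System.Security.Principal.NTAccount($Identity)
                $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
                # Translate back so the output shows which authority actually answered
                $account = $sid.Translate([System.Security.Principal.NTAccount])
            }
        }
        catch [System.Security.Principal.IdentityNotMappedException] {
            Write-Warning "No mapping found for '$Identity'"
            return
        }

        [pscustomobject]@{
            Input            = $Identity
            Account          = $account.Value
            SID              = $sid.Value
            # The last sub-authority is the relative identifier (RID)
            RID              = ($sid.Value -split '-')[-1]
            # Domain or machine part of the SID; empty for well-known SIDs such as S-1-5-18
            AccountDomainSid = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { $null }
        }
    }
}

# Constructed sample input: the current user (qualified), and two well-known SIDs.
"$env:USERDOMAIN\$env:USERNAME", 'S-1-5-18', 'S-1-5-32-544' |
    Resolve-Trustee | Format-Table -AutoSize
```

Comparing the AccountDomainSid of two results shows whether two accounts with the same name were issued by the same authority (the domain) or by different ones (domain versus local machine).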