Oct 07

Using PowerShell to Resolve SIDs to Friendly Names

Time and time again I run into an issue that presents me with a SID I need to resolve. I've used a number of tools and scripts over the years to address this, and I think I now have the best and easiest method for solving a problem that always seems to pop up.

If you're new to PowerShell, make sure it is installed before you try to use this script (and yes, it is a script, not a command). I create the script by opening a text file and renaming it from a .txt file to a .ps1 file. Double-clicking a .ps1 file may open it in your text editor; instead, right-click it and select Edit, which opens it in whatever you have set as your PowerShell editor. Copy the following code into the Script Pane:

$objSID = New-Object System.Security.Principal.SecurityIdentifier `
    ("S-1-5-21-768745588-123456789-987654321-500")
$objUser = $objSID.Translate([System.Security.Principal.NTAccount])  # map the SID to DOMAIN\Name
$objUser.Value                                                       # print the friendly name

Now just save this file and run it to return the friendly name for the SID you placed in it. The only thing that will change is the actual SID. In this example I'm using S-1-5-21-768745588-123456789-987654321-500, which is the well-known SID for the domain Administrator. My results should show me the friendly name. Any time you change the SID you will have to resave the file, but then just run the script and it will show you the results.

I'm sure there is a way I could make this into an application, but I'll leave that fun for those looking to take this to the next step.
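As an added example (not the script from the post above), the same Translate call can be wrapped in a function that accepts one or many SIDs from the pipeline, distinguishes a malformed SID string from a SID that no longer maps to any account, and returns objects instead of bare strings so the output can be filtered or exported. The function and parameter names are my own; the sample SIDs are constructed placeholders except S-1-5-32-544 (BUILTIN\Administrators), which resolves on any Windows host without contacting a domain controller. A domain SID only resolves when a DC for that domain is reachable from the machine running the script.

```powershell
# Resolve-Sid: map SID strings to account names, reporting the ones that cannot be mapped.
# Added example, not code from the original post. Requires Windows PowerShell 5.1 or later.
function Resolve-Sid {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Sid
    )
    process {
        foreach ($s in $Sid) {
            $result = [pscustomobject]@{
                Sid     = $s
                Account = $null
                Status  = $null
            }
            $objSid = $null
            try {
                # The constructor throws ArgumentException when the string is not a well-formed SID.
                $objSid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $s
            }
            catch {
                $result.Status = 'InvalidSid'
            }
            if ($null -ne $objSid) {
                try {
                    # Translate throws IdentityNotMappedException when no account matches the SID;
                    # in an ACL this usually means the principal was deleted (an orphaned SID).
                    $result.Account = $objSid.Translate([System.Security.Principal.NTAccount]).Value
                    $result.Status  = 'Resolved'
                }
                catch [System.Security.Principal.IdentityNotMappedException] {
                    $result.Status = 'Unresolved'
                }
            }
            $result
        }
    }
}

# Get-AccountSid: the reverse lookup, from an account name to its SID, using the same Translate API.
function Get-AccountSid {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Account
    )
    process {
        foreach ($a in $Account) {
            try {
                $nt = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $a
                [pscustomobject]@{ Account = $a; Sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                [pscustomobject]@{ Account = $a; Sid = $null }
            }
        }
    }
}

# Constructed sample input: a well-known local SID, the post's example domain SID, and a SID that
# is syntactically valid but will not map to any account, plus one malformed string.
$sampleSids = @(
    'S-1-5-32-544',
    'S-1-5-21-768745588-123456789-987654321-500',
    'S-1-5-21-111111111-222222222-333333333-9999',
    'not-a-sid'
)
$sampleSids | Resolve-Sid | Format-Table -AutoSize

# A list of SIDs in a file (one per line) can be fed the same way:
#   Get-Content .\SIDs.txt | Resolve-Sid | Where-Object Status -eq 'Unresolved'
```

On a workstation not joined to the example domain, the first SID resolves to BUILTIN\Administrators, the two domain SIDs come back as Unresolved, and the last row is InvalidSid; that three-way status is what makes the output useful when reviewing ACLs for orphaned entries, because an unmappable SID that is not malformed is the one worth following up.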



6 Responses to “Using PowerShell to Resolve SIDs to Friendly Names”

  1.   Spad Says:

    http://live.sysinternals.com/psgetsid.exe

    Obviously there are scenarios where the Powershell option is better, but a good Admin should never leave home with a copy of PSTools 🙂


  2.   BrianM Says:

    I love psgetsid but does it resolve SIDs to names?


  3.   sandy Says:

    Yes psgetsid resolves SID to names as well. Try psgetsid “SID”


  4.   Greg Says:

    This script needs a ` at the end of the first line in order to work, i.e.

    $objSID = New-Object System.Security.Principal.SecurityIdentifier `


  5.   Glenn Says:

    Is there something special I need to do to make this work? No matter what I try it keeps failing


  6.   Loic Says:

    Thank you for this article. I noticed that often when I was looking for a name behind an SID it was after incomplete deletion of an object.

    As a reply to Glenn.

    I used to work with a set of tools that I put in a module, or for some of them in my profile.

    Here is a short function that does the job and tells you if the SID cannot be resolved.

    > f-sid [yourSID]

    if you have a list of SIDs in a txt file SIDs.txt

    > get-content SIDs.txt | % { f-sid $_ }

    Function f-sid {
        param ( [Parameter(Mandatory=$true)][String]$Sid )
        Try {
            # Constructing the SID inside the Try also catches malformed SID strings
            $objSID = New-Object System.Security.Principal.SecurityIdentifier($Sid)
            ($objSID.Translate([System.Security.Principal.NTAccount])).Value
        }
        Catch {
            Write-Host "`nCouldn't find any entry matching SID : $Sid" -ForegroundColor Cyan
        }
    }

