Retrieving a user’s SID (Security Identifier) using PowerShell

This one-liner will retrieve a user’s Security Identifier (SID) using PowerShell. Because it is a long line, you can use ‘View source’ when hovering over the code to see it in full.

It has been tested on Windows 7 64-bit but should work on all versions of Windows compatible with PowerShell and .NET.

There are three versions listed. The first will prompt you for the user name, the second has the user name hard-coded into the line and the third is a function you can add to your PowerShell profile.

Prompt

  • To get this into PowerShell, triple-click the line, copy it the clipboard then right-click inside your PowerShell window to paste and run it.
  • Enter the user name of the account you require the SID of.
    • The user name is not case-sensitive.
# Ask for a user name and get their SID
(New-Object System.Security.Principal.NTAccount(Read-Host "User name?")).Translate([System.Security.Principal.SecurityIdentifier]).Value

Hard-Coded

You can hard-code the user name.

  • To get this into PowerShell, triple-click the line, copy it the clipboard then right-click inside your PowerShell window to paste and run it.
  • Change USERNAME to the user name of the account you require the SID of.
    • The user name is not case-sensitive.
# Get the SID of a specific user
(New-Object System.Security.Principal.NTAccount("USERNAME")).Translate([System.Security.Principal.SecurityIdentifier]).Value

Profile Function

You can add a Get-SID cmdlet to your PowerShell environment.

When this is done, the cmdlet Get-SID will be available. You can then type Get-SID followed by a user name to retrieve their SID, for example, Get-SID Administrator.

The syntax is Get-SID [-UserName] <string>.

  • Edit and / or create your PowerShell profile script and add the function below.
    • The location of the profile is (in PowerShell) $profile. If it does not exist, you will need to create the folder it is in before editing it using the command notepad $profile.
  • Close PowerShell and open it again. The cmdlet Get-SID is now available.
Function Get-SID
         ([Parameter(Mandatory=$true)] [string] $UserName)
{
  (New-Object System.Security.Principal.NTAccount($UserName)).Translate([System.Security.Principal.SecurityIdentifier]).Value
}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s