
Find the SID of current logged on user using PowerShell

One of the things I like about PowerShell is its ability to use DotNet classes and methods. In this article we will use that approach to find the SID of the currently logged-on user account using PowerShell.

The DotNet assembly System.DirectoryServices.AccountManagement has a class called UserPrincipal, which gives a simple way to get the SID of the currently logged-on user. There are several other ways to do it, but I found this to be the easiest of all.

Let's see how to do this. First we need to add the System.DirectoryServices.AccountManagement assembly to the PowerShell session. You can do it with the Add-Type cmdlet.

Add-Type -AssemblyName System.DirectoryServices.AccountManagement

Once the assembly is added, you can use the one-liner below to query the current user's details; one of the properties is the SID.

[System.DirectoryServices.AccountManagement.UserPrincipal]::Current

The screenshot below shows the list of properties that this class provides.

[Screenshot: current sid]

Putting all these together, I made a quick PowerShell function that returns the SID of current logged on user.

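function Get-CurrentUserSID {
    [CmdletBinding()]
    param()

    # Load the assembly that provides the UserPrincipal class
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    # UserPrincipal.Current is the account this PowerShell session runs as
    return ([System.DirectoryServices.AccountManagement.UserPrincipal]::Current).SID.Value
}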

You can import this function into your PowerShell window and use it. Let me know if you have any questions.
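The function above returns the SID of the account the PowerShell process runs as, which in an elevated or runas shell is not necessarily the user at the desktop. The following added example (not code from the original post; the function names are hypothetical) reports both, treating the owner of each explorer.exe process as an interactive user. It assumes the default Explorer shell and, to see other users' processes, an elevated session.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Get-ProcessUserSid {
    # SID of the account this PowerShell process is running as.
    [CmdletBinding()]
    param()
    [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
}

function Get-InteractiveUserSid {
    # One entry per interactive desktop session, identified by the owner of
    # its explorer.exe process (assumption: Explorer is the user's shell).
    # Other users' processes are only visible from an elevated session.
    [CmdletBinding()]
    param()
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'" |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwnerSid
            # ReturnValue 0 means the owner could be read
            if ($owner.ReturnValue -eq 0) {
                [pscustomobject]@{ SessionId = $_.SessionId; Sid = $owner.Sid }
            }
        } |
        Sort-Object -Property SessionId, Sid -Unique
}

function Compare-ProcessAndInteractiveUser {
    # Shows whether the script's own identity is one of the desktop users,
    # which is what matters before touching per-user data such as HKU\<SID>.
    [CmdletBinding()]
    param()
    $processSid  = Get-ProcessUserSid
    $interactive = @(Get-InteractiveUserSid)
    [pscustomobject]@{
        ProcessSid            = $processSid
        InteractiveSids       = @($interactive | ForEach-Object { $_.Sid })
        RunningAsDesktopUser  = @($interactive | Where-Object { $_.Sid -eq $processSid }).Count -gt 0
    }
}

Compare-ProcessAndInteractiveUser
```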

Comments on this entry are closed.

  • Dennis February 3, 2017, 8:23 pm

    Thx 🙂

  • Marc Jolley December 5, 2017, 5:55 pm

    This only works if you run the script as the currently logged in user, as it returns the SID of the account running the script. No use if you have to run elevated PowerShell prompts as a privileged admin if you’re trying to return the SID of the user logged into Windows.

    • Wintel Rocks December 29, 2017, 6:55 pm

      Do you mean by performing runas? If you run this from a shell that is started under another login, it shows that login only, not the interactively logged on user.

  • test August 12, 2019, 7:41 pm

    whoami /user

    • Wintel Rocks August 29, 2019, 6:02 am

      Yes, that command gives the output. But the problem is it cannot be used inside the script as there is an overhead of parsing the command line output. The .Net classes are appropriate as they return output in an object format which can be easily used inside the code.

  • elrod johnson June 27, 2020, 12:45 am

    this runs dozens of times faster:

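    function Get-CurrentUserSID {
        [CmdletBinding()]
        param()

        # Capture the text output of whoami as an array of lines
        $sid = $(whoami /user)
        # The separator line of '=' characters marks where the SID column starts
        $ndx = (($sid | Select-String -Pattern '^(=+ =+)$').Matches.Groups[1].Value).IndexOf(' ')
        # The last line holds the user name and SID; take everything after the column gap
        return $sid[$sid.Length - 1].Substring($ndx + 1)
    }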

    • Wintel Rocks October 10, 2020, 10:42 pm

      No need of regex. Just use below one-liner.
      (whoami /user /fo csv | convertfrom-csv).sid

      • Dave February 20, 2021, 3:04 am

        Elegant is best

  • elrod johnson June 27, 2020, 12:47 am

    the comment section to the above post got deleted:
    'whoami /user' looks like:
    #
    # USER INFORMATION
    # ----------------
    #
    # User Name SID
    # ========= =============================================
    # a\joem S-1-5-21-4161721442-889819839-2670263884-1000

    output is 7 lines
    the SID = 'S-1-5-21-4161721442-889819839-2670263884-1000'
    we don't know the index of 'S', depends on length of user name
    look for '========= ============================================='
    $ndx = get index of ' ' {space}
    $sid[$sid.Length - 1] is last line in $sid
    .Substring($ndx + 1) is index of 'S', take rest of line

    • elrod johnson June 27, 2020, 12:49 am

      $sid = $(whoami /user)
      $ndx = (($sid | Select-String -Pattern '^(=+ =+)$').Matches.Groups[1].Value).IndexOf(' ')
      return $sid[$sid.Length - 1].Substring($ndx + 1)

      • Wintel Rocks June 28, 2020, 6:12 pm

        Thanks Johnson. It works.

        My recommendation is to use dotnet libraries, powershell cmdlets, wmi classes if they provide the functionality. If not possible with any of them, then we can take the route of executing exes/commands and parsing the output using regex.

      • Wintel Rocks October 10, 2020, 10:42 pm

        No need of regex. Just use below one-liner.
        (whoami /user /fo csv | convertfrom-csv).sid

  • cqured sphere October 21, 2020, 3:53 pm

    This is not current logged user!
    This is user currently running terminal. 🙁

  • Peter Wawa March 12, 2021, 2:12 pm

    [Security.Principal.WindowsIdentity]::GetCurrent().user