One of the things I like about PowerShell is its ability to use .NET classes and methods. In this article we will use that approach to find out the SID of the currently logged-on user account using PowerShell.
The .NET assembly System.DirectoryServices.AccountManagement has a class called UserPrincipal which gives a simple way to get the SID of the currently logged-on user. There are several other ways to do it, but I found this to be the easiest of all.
Let's see how to do this. First we need to add the System.DirectoryServices.AccountManagement assembly to the PowerShell session. You can do it with the Add-Type cmdlet.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Once the assembly is added, you can use the one-liner below to query the current user's details; one of the properties returned is the SID.
[System.DirectoryServices.AccountManagement.UserPrincipal]::Current
The screenshot below shows the list of properties that this class provides.
Putting all this together, I made a quick PowerShell function that returns the SID of the currently logged-on user.
function Get-CurrentUserSID {
    [CmdletBinding()]
    param()
    # Load the assembly that holds UserPrincipal (harmless if it is already loaded)
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    # UserPrincipal.Current is the account this PowerShell process runs as;
    # its SID property is a SecurityIdentifier whose Value is the S-1-5-... string
    return ([System.DirectoryServices.AccountManagement.UserPrincipal]::Current).SID.Value
}
You can import this function into your PowerShell session and use it. Let me know if you have any questions.
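As an added example (my code, not the author's), here is a function that returns both the SID of the account this PowerShell process runs as, read straight from its access token so no directory lookup is needed, and the SID of the user interactively logged on at the console, which the comments below point out can differ when the script runs elevated as another admin. It assumes the console session is the "logged-on user" that is wanted, and gets it from Win32_ComputerSystem.UserName followed by an NTAccount-to-SecurityIdentifier translation.

```powershell
function Get-UserSids {
    [CmdletBinding()]
    param()

    # SID of the account whose token this PowerShell process runs under.
    # Read from the token itself, so no directory query is made (unlike UserPrincipal::Current).
    $processIdentity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $processSid = $processIdentity.User.Value

    # Account interactively logged on at the console, as reported by CIM/WMI.
    # Null when nobody is logged on at the console (service context, remote session, etc.).
    $consoleName = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    $consoleSid = $null
    if ($consoleName) {
        # Translate DOMAIN\user to its SID via the local security authority;
        # no output parsing, and it works for local and domain accounts alike.
        try {
            $account = New-Object System.Security.Principal.NTAccount($consoleName)
            $consoleSid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Name could not be resolved (e.g. domain unreachable); leave ConsoleSid empty
            Write-Warning "Could not translate '$consoleName' to a SID: $($_.Exception.Message)"
        }
    }

    [pscustomobject]@{
        ProcessUser = $processIdentity.Name
        ProcessSid  = $processSid
        ConsoleUser = $consoleName
        ConsoleSid  = $consoleSid
        # False when an elevated or runas prompt is owned by a different account than the console user
        SameAccount = ($null -ne $consoleSid -and $consoleSid -eq $processSid)
    }
}

Get-UserSids
```

Use ConsoleSid when an elevated script needs the interactive user's SID (for instance to address that user's hive under HKEY_USERS), and ProcessSid when you want to record which account the script itself actually ran as.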
Thx 🙂
This only works if you run the script as the currently logged in user, as it returns the SID of the account running the script. No use if you have to run elevated PowerShell prompts as a privileged admin if you’re trying to return the SID of the user logged into Windows.
Do you mean by performing runas? If you run this from a shell that was started under another login, it shows that login only, not the interactively logged-on user.
whoami /user
Yes, that command gives the output. But the problem is it cannot be used inside the script as there is an overhead of parsing the command line output. The .NET classes are appropriate as they return output in object format, which can be easily used inside the code.
this runs dozens of times faster:
function Get-CurrentUserSID {
    [CmdletBinding()]
    param()
    # Capture the whoami output as an array of lines
    $sid = $(whoami /user)
    # Find the column-header underline ("===== =====") and locate the space between the two columns
    $ndx = (($sid | Select-String -Pattern '^(=+ =+)$').Matches.Groups[1].Value).IndexOf(' ')
    # The last line is "DOMAIN\user S-1-5-..."; everything after the column boundary is the SID
    return $sid[$sid.Length - 1].Substring($ndx + 1)
}
No need of regex. Just use below one-liner.
(whoami /user /fo csv | convertfrom-csv).sid
Elegant is best
the comment section to the above post got deleted:
'whoami /user' looks like:
#
# USER INFORMATION
# ----------------
#
# User Name SID
# ========= =============================================
# a\joem S-1-5-21-4161721442-889819839-2670263884-1000
output is 7 lines
the SID = 'S-1-5-21-4161721442-889819839-2670263884-1000'
we don't know the index of 'S', depends on length of user name
look for '========= ============================================='
$ndx = get index of ' ' {space}
$sid[$sid.Length - 1] is last line in $sid
.Substring($ndx + 1) is index of 'S', take rest of line
$sid = $(whoami /user)
$ndx = (($sid | Select-String -Pattern '^(=+ =+)$').Matches.Groups[1].Value).IndexOf(' ')
return $sid[$sid.Length - 1].Substring($ndx + 1)
Thanks Johnson. It works.
My recommendation is to use .NET libraries, PowerShell cmdlets, or WMI classes if they provide the functionality. If it is not possible with any of them, then we can take the route of executing exes/commands and parsing the output using regex.
This is not the currently logged-on user!
This is the user currently running the terminal. 🙁
[Security.Principal.WindowsIdentity]::GetCurrent().user
Thank you for sharing this.