System administrators often need to find the SID of a user account for troubleshooting and other requirements. In this post, let us see how to resolve a user account to its SID using PowerShell.
PsGetSid is one of the favorite utilities of Windows Server administrators for resolving user names to SIDs. There are other ways to do this as well. One of them is the System.Security.Principal namespace. The script below is based on the classes in this namespace. You can check this TechNet page to understand more about its usage from PowerShell.
Save the code below as Get-UserSID.ps1 and it is ready for use. Usage examples follow the script.
[CmdletBinding()]
Param(
    [Alias("User","UserName","Identity")]
    [string[]]$UserAccount,
    [string]$DomainName = $env:USERDOMAIN
)

foreach ($User in $UserAccount) {
    # One output object per requested account
    $Object = New-Object -TypeName PSObject -Prop (
        @{'UserName'=$null; 'DomainName'=$null; 'SIDValue'=$null}
    )
    $Object.UserName = $User.ToUpper()
    $Object.DomainName = $DomainName.ToUpper()
    try {
        # The ::new() constructor syntax requires PowerShell 5.0 or later
        $UserObject = [System.Security.Principal.NTAccount]::new($DomainName, $User)
        # Translate the DOMAIN\user name into its SecurityIdentifier
        $out = $UserObject.Translate([System.Security.Principal.SecurityIdentifier])
        $Object.SIDValue = $out.Value
    } catch {
        # The name could not be resolved (unknown account, unreachable domain, ...)
        $Object.SIDValue = "FAILED"
    }
    $Object
}
Example #1: Resolve a single user account name to its SID
.\Get-UserSID.ps1 -UserAccount testuser21
Example #2: Resolve multiple user accounts to get their SIDs
.\Get-UserSID.ps1 -UserAccount testuser21,testuser22
Example #3: Get the SID of a user account from a domain other than the currently logged-on user's domain
.\Get-UserSID.ps1 -UserAccount testuser21,testuser1 -DomainName winops.com
This script is a good alternative to the psgetsid.exe utility and can be incorporated into any of your scripts to get a user account's SID details.
Do you have any questions about the usage? Feel free to post them in the comments section.
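Troubleshooting often starts from the other direction: a raw SID found in an ACL or event log that has to be mapped back to an account. The following is an added example, not part of the original script, that uses the same System.Security.Principal classes for the reverse lookup and also splits out the domain SID and RID. The function name Resolve-SidToAccount, the Status values, and the sample SIDs are assumptions constructed for illustration.

```powershell
# Added example: reverse lookup (SID -> account name). The function name is hypothetical.
function Resolve-SidToAccount {
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$SidValue
    )
    process {
        foreach ($Value in $SidValue) {
            $Result = [pscustomobject]@{
                SIDValue    = $Value
                AccountName = $null
                DomainSID   = $null
                RID         = $null
                Status      = 'OK'
            }
            try {
                # Throws if the string is not a syntactically valid SID
                $Sid = [System.Security.Principal.SecurityIdentifier]::new($Value)
                # AccountDomainSid is $null for non-account SIDs such as S-1-5-18
                $Result.DomainSID = $Sid.AccountDomainSid
                # The RID is the last sub-authority in the SID string
                $Result.RID = [uint32]($Sid.Value.Split('-')[-1])
                $Result.AccountName = $Sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch [System.Security.Principal.IdentityNotMappedException] {
                # Valid SID, but no account maps to it (deleted user, unknown domain)
                $Result.Status = 'UNMAPPED'
            }
            catch {
                # Malformed SID string or a lookup failure; keep the reason
                $Result.Status = "ERROR: $($_.Exception.Message)"
            }
            $Result
        }
    }
}

# Constructed sample input: a well-known SID, a made-up domain SID, a malformed string
'S-1-5-18', 'S-1-5-21-1111111111-2222222222-3333333333-500', 'not-a-sid' |
    Resolve-SidToAccount
```

An UNMAPPED result for a SID still present in an ACL usually points to a deleted account or a domain that can no longer be reached, which is worth reviewing before the entry is cleaned up.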