Find SID in Active Directory Users and Computers Using PowerShell
The Security Identifier, or SID, is a unique ID assigned to each Windows user, group, or computer on a domain-controlled network. If we have ever managed file and folder permissions or browsed through the registry, we have probably seen a long string value such as S-1-5-21-3011698416-3634052959-2884390752-500. If so, we have already encountered a SID.
Every user, group, or computer has a unique SID. If we have never heard of SIDs, we might wonder what their purpose is and how they fit into Active Directory (AD). After all, these security identifiers are rarely shown in plain sight.
This article explains what a SID is, how to find the SID of Active Directory users and computers, and shares several commands for retrieving a SID with Windows PowerShell.
Find SID in Active Directory
SID Report Prerequisites
To use the Active Directory commands and examples covered in this article, make sure the following are in place:
- A Windows PC joined to an AD domain
- A session logged in as an AD user account with at least read rights to Active Directory
- The PowerShell Active Directory module installed and imported
Try our Active Directory SID Reporting Solution for FREE
Try us out for Free, Access to all features. – 200+ AD Report templates Available. Easily customise your own AD SID reports.
Introduction to the Security Identifier
A Security Identifier (SID) is a unique string of values assigned to each security principal and security group by an authority, such as a Windows domain controller. When a security principal or group is created, its SID is generated automatically. Once created, the SID is saved in the security database and can be looked up as needed.
Combining the SID with the user's rights and group memberships, Windows issues us, the user, an access token every time we log on. This access token provides the security context and grants the permissions and rights used to access and manage the Windows system. The SID is therefore one of the essential parts of the Windows security model.
Apart from the automatically generated SIDs, Windows has a few well-known universal SIDs, such as Everyone, Local Authority, World, NT Authority, and All Services. The following table lists the well-known universal SIDs.
Value | Universal Well-Known SID | Identifies |
---|---|---|
S-1-0-0 | Null SID | A group with no member objects. This SID is often used when a SID value is null or unknown. |
S-1-1-0 | World | A group that includes everyone or all users. |
S-1-2-0 | Local | Users who log on to terminals locally (physically) connected to the system. |
S-1-2-1 | Console Logon | A group that includes users who are logged on to the physical console. |
S-1-3-0 | Creator Owner ID | A placeholder SID that is replaced by the SID of the user who creates a new object. This SID is used in inheritable ACEs. |
S-1-3-1 | Creator Group ID | A placeholder SID that is replaced by the primary-group SID of the user who creates a new object. This SID is used in inheritable ACEs. |
S-1-3-2 | Creator Owner Server | |
S-1-3-3 | Creator Group Server | |
S-1-3-4 | Owner Rights | A SID that represents the current owner of the object. When an ACE that carries this SID is applied to an object, the system ignores the object owner’s implicit READ_CONTROL and WRITE_DAC permissions for the object owner. |
S-1-4 | Non-unique Authority | A Security Identifier that represents an identifier authority. |
S-1-5 | NT Authority | A Security Identifier that represents an identifier authority. |
S-1-5-80-0 | All Services | A group that includes all service processes configured on the system. The operating system controls its membership. |
To learn more about Security Identifiers, see the official Microsoft documentation on well-known SIDs.
Find SID in Active Directory Objects Using PowerShell
With PowerShell, we can find the SID of objects at every level. The SID is exposed as a property of a user, group, or computer object, so we use the Select-Object cmdlet to extract the SID property from the object PowerShell returns.
In the following sections, we start with the SID of the currently logged-in user and work our way up to the SIDs of all domains in a forest.
Get Current Active Directory User SID in PowerShell
We can get the current user's SID in PowerShell with the Get-LocalUser cmdlet, which returns local user account details. For example, run the command below to get the SID of the currently logged-in user.
Get-LocalUser -Name $env:USERNAME | Select-Object SID
In the PowerShell command above, Get-LocalUser retrieves the account whose name is held in the environment variable $env:USERNAME.
$env:USERNAME is one of the environment variables Windows maintains to describe the operating system's environment and running programs; other examples hold the executable search path, the location of the Windows installation directory, and the number of processors available to the operating system. PowerShell exposes these variables through the $env: drive and can read, set, and remove them.
Get Local User SID in PowerShell
Local user accounts are stored on the server itself. We can grant these accounts access and permissions on a single system, but only on that one machine. Local user accounts are security principals used to safeguard and control service or user access to resources on a standalone or member server.
Get-LocalUser returns a local user's SID, as shown below. The Get-LocalUser command does not require the AD module to be loaded and imported.
Get-LocalUser -Name 'johndoe' | Select-Object SID
The PowerShell command specifies the local user name to retrieve that local user's SID.
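One caveat a practitioner runs into with the two commands above: Get-LocalUser only knows accounts in the local SAM database, so the $env:USERNAME form fails with a "user not found" error when the logged-in account is a domain account. The following added example (not code from the original article) uses the .NET WindowsIdentity class for the current session, which works for both local and domain accounts, and wraps Get-LocalUser with error handling for a named local account. The account name 'johndoe' and both function names are hypothetical.

```powershell
# Added example, not from the original article.
# Assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module.

function Get-CurrentUserSid {
    # WindowsIdentity reflects the token of the running session, so it returns
    # the SID of a domain account as well as a local one. Get-LocalUser cannot.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    [PSCustomObject]@{
        Name           = $identity.Name         # DOMAIN\user or COMPUTER\user
        SID            = $identity.User.Value   # string form, e.g. S-1-5-21-...-1001
        # Heuristic (assumption): a local account's authority is the computer name.
        IsLocalAccount = ($identity.Name.Split('\')[0] -ieq $env:COMPUTERNAME)
    }
}

function Get-LocalUserSid {
    param([Parameter(Mandatory)][string]$Name)
    try {
        # -ErrorAction Stop turns the non-terminating "user not found" error into an
        # exception, so a missing account is reported instead of silently returning nothing.
        $user = Get-LocalUser -Name $Name -ErrorAction Stop
        [PSCustomObject]@{
            Name    = $user.Name
            SID     = $user.SID.Value
            Enabled = $user.Enabled
        }
    }
    catch {
        Write-Warning "Could not look up local account '$Name' on $env:COMPUTERNAME : $($_.Exception.Message)"
    }
}

Get-CurrentUserSid
Get-LocalUserSid -Name 'johndoe'   # hypothetical account name
```

Run it in a session logged in with a domain account and Get-CurrentUserSid still returns the SID, whereas the Get-LocalUser form from the article would error out; the Enabled column from Get-LocalUserSid is also useful when auditing which local accounts are still active.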
Get Active Directory User SID in PowerShell
Since we will be running Active Directory commands, we first need to import the Active Directory module.
Import-Module ActiveDirectory
We can get an Active Directory user's SID with the Get-ADUser cmdlet, which retrieves one or more AD user accounts. Run the command below.
Get-ADUser -Identity toms | Select-Object Name, SID, UserPrincipalName
In the PowerShell command above, Get-ADUser retrieves the AD user specified by the Identity parameter. Select-Object then picks out the Name, SID, and UserPrincipalName properties of that user.
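The example SID in the introduction ends in -500, and decoding that last component (the relative identifier, or RID) tells us it is the domain's built-in Administrator account. The added example below (not code from the original article) wraps Get-ADUser to report the domain SID and RID of each user and flags reserved RIDs below 1000, then shows the reverse lookup a practitioner needs when a SID copied from an ACL or the registry has to be turned back into an account name. The user name 'toms' and both function names are hypothetical.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module is available and the session runs as a domain user with read rights.
Import-Module ActiveDirectory

function Get-ADUserSidInfo {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Identity)
    process {
        try {
            $user = Get-ADUser -Identity $Identity -ErrorAction Stop
        }
        catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            Write-Warning "No AD user matches '$Identity'"
            return
        }
        $sid = $user.SID   # already a [System.Security.Principal.SecurityIdentifier]
        # The last sub-authority is the RID. RIDs below 1000 are reserved for
        # built-in principals (500 = Administrator, 501 = Guest, 502 = krbtgt).
        $rid = [int]($sid.Value.Split('-')[-1])
        [PSCustomObject]@{
            Name              = $user.Name
            UserPrincipalName = $user.UserPrincipalName
            SID               = $sid.Value
            DomainSID         = $sid.AccountDomainSid.Value   # S-1-5-21-X-Y-Z part
            RID               = $rid
            ReservedRid       = ($rid -lt 1000)
        }
    }
}

function Resolve-SidToAccount {
    # Reverse direction: SID string -> DOMAIN\name via the Windows LSA lookup.
    # Works for domain accounts, local accounts and well-known SIDs alike.
    param([Parameter(Mandatory)][string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $id.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # An unresolvable SID usually means a deleted account whose ACE was left behind.
        "<unresolved: $Sid>"
    }
}

'toms', 'Administrator' | Get-ADUserSidInfo | Format-Table -AutoSize
Resolve-SidToAccount -Sid 'S-1-1-0'   # well-known SID from the table above (Everyone)
```

The unresolved branch of Resolve-SidToAccount is worth keeping in any permission review: a SID in an ACL that no longer maps to an account is the classic sign of a stale entry that should be cleaned up.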
Get Active Directory Computer SID in PowerShell
We can get SIDs not only from users but also from domain-joined computers, using the Get-ADComputer cmdlet. With the Filter parameter we can retrieve the SIDs of multiple AD computers at once.
Get-ADComputer -Filter * | Select-Object Name, SID
In the PowerShell command above, Get-ADComputer retrieves every computer account in the domain, and the pipe operator passes each one to Select-Object to pick out the computer's Name and SID.
Get Active Directory Group SID in PowerShell
Like users and computers, groups are AD objects, so we can also get a group's SID. To get an AD group's SID, use the Get-ADGroup cmdlet.
Get-ADGroup -Identity SalesLeader | Select-Object Name, SID
In the PowerShell command above, Get-ADGroup retrieves the group specified by the Identity parameter, and Select-Object, via the pipe operator, picks out the group's Name and SID properties.
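The three cmdlets above return one object class at a time. For a SID report across users, computers and groups in one pass, the added example below (not code from the original article) uses Get-ADObject with an LDAP filter; because the computer class inherits from user in the AD schema, a single (objectClass=user) clause already covers computers, and the ObjectClass property still reports the most specific class. The function name and the output path are hypothetical.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module is available and the session has read rights to the search base.
Import-Module ActiveDirectory

function Get-ADSidInventory {
    param(
        # Defaults to the root of the current domain; pass an OU DN to narrow the scope.
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    # objectSid is not in Get-ADObject's default property set, so request it explicitly.
    # (objectClass=user) matches both user and computer objects; groups are added via the OR.
    Get-ADObject -SearchBase $SearchBase `
                 -LDAPFilter '(|(objectClass=user)(objectClass=group))' `
                 -Properties objectSid, sAMAccountName |
        ForEach-Object {
            [PSCustomObject]@{
                SamAccountName = $_.sAMAccountName
                ObjectClass    = $_.ObjectClass      # 'user', 'computer' or 'group'
                SID            = $_.objectSid.Value
                DistinguishedName = $_.DistinguishedName
            }
        }
}

# Write the inventory to CSV so the SID-to-name mapping survives later account deletions.
Get-ADSidInventory | Export-Csv -Path "$env:TEMP\ad-sid-inventory.csv" -NoTypeInformation
```

Keeping a dated copy of this inventory is what makes an orphaned SID in an ACL explainable months later, since the mapping from SID to account name is lost once the object is deleted.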
Get a SID of All Domains in PowerShell
An Active Directory forest (AD forest) is the logical container that holds the domains, users, computers, and group policies of an Active Directory deployment.
We can find the SID of every domain in the forest by combining the Get-ADForest and Get-ADDomain cmdlets, as below.
(Get-ADForest).Domains | ForEach-Object { Get-ADDomain -Server $_ } | Select-Object Name, DomainSID
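The domain SID is the S-1-5-21-X-Y-Z prefix shared by every account SID in that domain, which is what lets us tell which domain an arbitrary SID came from. The added example below (not code from the original article) builds a domain-SID lookup table from the forest and classifies a list of SIDs as well-known, belonging to a forest domain, or foreign. The function names are hypothetical and the input SIDs are constructed for illustration (two from the table above and the one from the introduction).

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module is available and a domain controller is reachable in each forest domain.
Import-Module ActiveDirectory

function Get-ForestDomainSidMap {
    # Lookup table: domain SID string -> domain DNS name, for every domain in the forest.
    $map = @{}
    foreach ($dnsName in (Get-ADForest).Domains) {
        $domain = Get-ADDomain -Server $dnsName
        $map[$domain.DomainSID.Value] = $domain.DNSRoot
    }
    $map
}

function Resolve-SidOrigin {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Sid,
        [Parameter(Mandatory)][hashtable]$DomainMap
    )
    process {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        # AccountDomainSid is $null for anything that is not an S-1-5-21-... account SID.
        $domainSid = $id.AccountDomainSid
        $origin = if ($null -eq $domainSid) {
            'well-known or non-domain authority'
        } elseif ($DomainMap.ContainsKey($domainSid.Value)) {
            $DomainMap[$domainSid.Value]
        } else {
            # A domain-style SID whose prefix is not in this forest: a trusted forest, or a stale entry.
            'foreign domain (not in this forest)'
        }
        [PSCustomObject]@{ SID = $Sid; Origin = $origin }
    }
}

$domainMap = Get-ForestDomainSidMap
# Constructed sample input, not real directory data.
@(
    'S-1-1-0',                                            # World (Everyone)
    'S-1-5-80-0',                                         # All Services
    'S-1-5-21-3011698416-3634052959-2884390752-500'       # domain Administrator from the intro
) | Resolve-SidOrigin -DomainMap $domainMap | Format-Table -AutoSize
```

Feeding this the SIDs harvested from a share's ACL quickly separates well-known entries from accounts of the local forest and from foreign or stale SIDs that deserve a closer look.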
Find SID in Active Directory Objects Conclusion
We can use Active Directory cmdlets such as Get-ADUser, Get-ADComputer, and Get-ADGroup to find the SID of Active Directory users, computers, and groups. We have also covered getting the SID of a local user and of a whole domain with Get-LocalUser and Get-ADDomain, respectively.