Active Directory & Office 365 Reporting Tool

Find SID in Active Directory Users and Computers Using PowerShell.  The Security Identifier or SID is a unique ID number assigned to each Windows user, group, or computer on the domain-controlled network. So, for example, if we’ve ever tried to manage File and Folder permissions or browsed through the registry, we might have seen a long string value, something like S-1-5-21-3011698416-3634052959-2884390752-500. If you have seen something like this before, you have already encountered the SID.

Every user, group, or computer will have a unique SID. If we’ve never heard of SIDs, we might be wondering what their purpose is and how it weaves inside the Active Directory (AD). After all, we will usually never see these security identifiers in plain sight.

This article will explain what a SID is, how to find SID in active directory users and computers, and share multiple commands on getting the SID using Windows PowerShell.

Find SID in Active Directory

Get SID in Active Directory Users and Computers Powershell

SID Report Prerequisites

To use the array of Active Directory commands and its examples covered in this article, be sure we have the following:

  • On a Windows PC joined to an AD domain
  • Logged in as an AD user account with at least read rights to the active directory.
  • Have the PowerShell Active Directory module installed and imported

Try our Active Directory SID Reporting Solution for FREE

Try us out for Free, Access to all features. – 200+ AD Report templates Available. Easily customise your own AD SID reports.

Introduction to the Security Identifier

A Security Identifier or SID is a unique string of values assigned to each security principal and security group by an authority, such as a Windows domain controller. When a security group or principal is created, security identification is made automatically. Once created, the SID is saved in the security database and can be accessed as needed.

Combining the SID and user rights, Windows gives us, the user, an access token every time we log into our system. This access token provides the security context and gives us appropriate permissions and rights to manage our Windows system. Therefore, SID is one of the essential parts of the Windows Security Model.

Apart from the automatically generated SIDs, Windows has a few well-known universal SIDs, such as Everyone, Local Authority, World, NT Authority, and All Services. The following table lists the well-known universal SIDs.

ValueUniversal Well-Known SIDIdentifies
S-1-0-0Null SIDA group with no member objects. This SID is often used when a SID value is null or unknown.
S-1-1-0WorldA group that includes everyone or all users.
S-1-2-0LocalUsers who log on to local (physically connected)
S-1-2-1Console LogonA group includes users logged on the physical console.
S-1-3-0Creator Owner IDA SID to be replaced by the user’s security identifier who created a new object. This SID is used in inheritable ACEs.
S-1-3-1Creator Group IDA SID is replaced by the primary-group SID of the user who created a new object. Use this SID in inheritable ACEs.
S-1-3-2Creator Owner Server 
S-1-3-3Creator Group Server 
S-1-3-4Owner RightsA SID that represents the current owner of the object. When an ACE that carries this SID is applied to an object, the system ignores the object owner’s implicit READ_CONTROL and WRITE_DAC permissions for the object owner.
S-1-4Non-unique AuthorityA Security Identifier that represents an identifier authority.
S-1-5NT AuthorityA Security Identifier that represents an identifier authority.
S-1-5-80-0All ServicesA group includes all service processes configured on the system. The operating system controls membership.

If we want to learn more about Security Identifiers, click this link for its official Microsoft documentation.

Find SID in Active Directory Objects Using PowerShell

With PowerShell, we can find the different SIDs of each object at every level. The SID is located as a property of a user, group, or computer object. We will be using the Select-Object command to extract the SID property from the PowerShell object.

In the following section, we will start with getting the SID of the currently logged-in user and work our way up to the top of all domains in a forest.

Get Current Active Directory User SID in PowerShell

We can get the current user SID in PowerShell using Get-LocalUser cmdlet, which gets user account details. For example, run the below command to get the currently logged-in user SID.

					Get-LocalUser -Name $env:USERNAME | Select-Object  sid

In the above PowerShell script, Get-LocalUser gets user account details specified by environment variable $env:USERNAME.

Get SID details in PowerShell

$env:USERNAME is an environment variable that saves information about the operating system’s environment and programs. The operating system path, the location of the Windows installation directory, and the number of processes used by the operating system are all included in this data. PowerShell can access, manage, and change environment variables.

Get Local User SID in PowerShell

On the server, local user accounts are saved. We can give these accounts access and permissions on a single system, but only on that one machine. Local user accounts are security principles used to safeguard and control service or user access to resources on a solo or member server.

Get-LocalUser returns the local user’s SID via PowerShell, as shown below. When using the Get-LocalUser command, we don’t need the AD module loaded and imported yet.

					Get-LocalUser -Name 'johndoe' | Select-Object  sid

The PowerShell script specifies the local user name to get the local user SID.

Get Active Directory User SID in PowerShell

Since we will be running an Active Directory command, we will need to import the imported AD module.

					Import-Module ActiveDirectory

We can get active directory user SID using the Get-ADUser cmdlet, bringing one or more AD user account details. Run the below command.

					Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName

In the above PowerShell script, the Get-ADUser cmdlet gets the AD user SID specified by the Identity parameter. In addition, the parameter selects the name, SID of the AD User, and user principal name properties in PowerShell.

Try our Active Directory & Office 365 Reporting & Auditing Tools

Try us out for Free.  100’s of report templates available. Easily customise your own reports on AD, Azure AD & Office 355.

Get Active Directory Computer SID in PowerShell

We can get not only SIDs from users but also domain-joined computers. We can get active directory computer SID using the Get-ADComputer command. We can get multiple SIDs from multiple AD computers using the Filter parameter.

					Get-ADComputer -Filter * | Select-Object Name, SID

In the above PowerShell, Get-ADComputer cmdlet in active directory gets computer account details and uses pipe operator to select computer name and SID of computer in active directory.

Get Active Directory Group SID in PowerShell

Like users and computers, we can also get a SID of a group since groups are considered AD objects. To get AD group SID in the active directory, use the Get-ADGroup cmdlet.

					Get-ADGroup -Identity SalesLeader | Select-Object Name, SID

The Get-ADGroup cmdlet gets a group account specified by the Identity parameter in the PowerShell script. Next, select the AD group’s Name and SID properties in the active directory using the pipe operator.

Get a SID of All Domains in PowerShell

An Active Directory forest (AD forest) is the logical container that houses domains, users, machines, and group rules in an Active Directory configuration.

We can find the SID of all domains in the active directory using the Get-ADForest cmdlet of the active directory as below.

					(Get-ADForest).Domains| %{Get-ADDomain -Server $_} | Select-Object name, domainsid

Find SID in Active Directory Objects Conclusion

We can use Active Directory cmdlets like Get-ADUser, Get-ADComputer, and Get-ADGroup to find SID in active directory users and computers. Furthermore, we have also included getting the SID of a local user and the whole domain using Get-LocalUser and Get-ADDomain, respectively.


Try InfraSOS for FREE

Invite your team and explore InfraSOS features for free

Andrew Fitzgerald

Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their IT Infrastructure, Cloud deployments and Security. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud and Active Directory.

Leave a comment

Your email address will not be published. Required fields are marked *