SID (Security IDentifier) is a unique id number assigned to each user on a windows computer, group, or computer on the domain-controlled network.
The Get-LocalUser cmdlet in PowerShell gets a local user account information, it uses the SID attribute to get current user sid.
The Get-AdUser cmdlet in PowerShell uses the SID attribute to get ad user SID.
The Get-AdComputer cmdlet in PowerShell uses the SID attribute to find computer SD in the active directory.
In this article, I will explain how to find SID in active directory users and computers, get current user SID or get local user SID using PowerShell Get-LocalUser cmdlet.
PowerShell Get-LocalUser
cmdlet gets local user account, built-in account, and user account details SID of user, user name, and enabled status.
Let’s understand how to use Get-LocalUser in PowerShell to get SID of local user active directory cmdlets like Get-AdUser, Get-AdComputer, and Get-AdGroup to find aduser SID, adcomputer SID, and adgroup SID respectively with examples.
Get Current User SID in PowerShell
You can get current user SID in PowerShell using Get-LocalUser
cmdlet which gets user account details, run the below command to get user SID
Get-LocalUser -Name $env:USERNAME | Select sid
In the above PowerShell script, Get-LocalUser gets user account details specified by an environment variable $env:USERNAME and passes the output to the second command.
The second command gets SID of current user as below
Get Local User SID in PowerShell
You can get local user SID in PowerShell using Get-LocalUser
as below
Get-LocalUser -Name 'garyw' | Select sid
In the above PowerShell script, the Get-LocalUser cmdlet uses the Name parameter to specify the user name and uses the Select sid to retrieve the sid of user. The SID attribute has a value that contains the user sid.
Get AdUser SID in Active Directory
Use the Get-AdUser cmdlet in PowerShell to retrieve the active directory user. It has a SID attribute that is used to get aduser SID in the Active Directory.
Run the following script to retrieve the sid of a user.
Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName
In the above PowerShell script, the Get-ADUser cmdlet gets SID for user specified by the Identity parameter and selects a name, SID of user, and userprincipalname in PowerShell.
The output of the above script to get-aduser SID as below
PS C:\Windows\system32> Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName
Name SID UserPrincipalName
---- --- -----------------
Tom Smith S-1-5-21-1326752099-4012446882-462961959-1103 [email protected]
Get Computer SID in Active Directory
The Get-AdComputer cmdlet in PowerShell gets one or more computer account details. It has a SID attribute that is used to get computer SID.
Run the following PowerShell script to retrieve the SID of a computer in the active directory.
Get-AdComputer -filter * | select Name, SID
In the above PowerShell script, Get-AdComputer
cmdlet in the active directory gets computer account details and uses the pipe operator to select the computer name and SID of computer in the active directory
PS C:\Windows\system32> get-adcomputer -filter * | select Name, SID
Name SID
---- ---
ENGG-PRO S-1-5-21-1326752099-4012446882-462961959-1000
OPER-01 S-1-5-21-1326752099-4012446882-462961959-3104
Get AD Group SID in Active Directory
The Get-AdGroup cmdlet in PowerShell gets one or more active directory groups. It has a SID attribute that is used to get ad group SID in the AD.
Run the following PowerShell script to retrieve the SID of adgroup.
Get-ADGroup -Identity SalesLeader | Select Name, SID
In the above PowerShell script, Get-AdGroup
cmdlet gets ad group account specified by the Identity parameter and using the pipe operator selects the Name and SID of ad group in the active directory.
The output of the above script to get adgroup SID as below
PS C:\Windows\system32> Get-ADGroup -Identity SalesLeader | Select Name, SID
Name SID
---- ---
SALESLeader S-1-5-21-1326752099-4012446882-462961959-3105
Get SID of Domain in Active Directory
Get-AdDomain cmdlet in the Active Directory gets domain information. It has a DomainSID
attribute that is used to get SID of domain in AD.
Run the following PowerShell script to retrieve the domain SID in the active directory.
Get-ADDomain -Identity SHELLPRO | Select Name, DomainSID
In the above PowerShell script, Get-AdDomain
cmdlet gets domain information specified by the Identity
parameter and pipe output to Select Name and Domain SID in the active directory
Get SID of all Domains in Active Directory
Use the Get-AdForest cmdlet to get SID of all domains in the active directory.
(Get-ADForest).Domains| %{Get-ADDomain -Server $_}|select name, domainsid
Conclusion
I hope the above article on how to get local user SID, get current user SID and find SID in active directory users and computers in PowerShell is helpful to you.
You can use Active Directory cmdlets like Get-ADUser
, Get-AdComputer
and Get-AdGroup
to find SID in active directory users and computers, get ad user SID, ad computer SID using different cmdlet available in Active Directory.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page