
PowerShell – Get User SID in Active Directory

A SID (security identifier) is a unique identifier assigned to each user, group, or computer account on a Windows computer or in a domain-controlled network.

The Get-LocalUser cmdlet in PowerShell gets local user account information; the SID attribute of the returned account holds the user's SID, which is how you get the current user's SID.

The Get-AdUser cmdlet in PowerShell returns an Active Directory user; its SID attribute holds the user's SID.

The Get-AdComputer cmdlet in PowerShell returns a computer account; its SID attribute holds the computer's SID in Active Directory.

In this article, I will explain how to find the SID of Active Directory users and computers, and how to get the current user's SID or a local user's SID using the PowerShell Get-LocalUser cmdlet.

The Get-LocalUser cmdlet gets local user accounts, including built-in accounts, and returns details such as the user's SID, user name, and enabled status.

Let's look at how to use Get-LocalUser in PowerShell to get the SID of a local user, and how to use Active Directory cmdlets like Get-AdUser, Get-AdComputer, and Get-AdGroup to find the user SID, computer SID, and group SID respectively, with examples.

Get Current User SID in PowerShell

You can get the current user's SID in PowerShell using the Get-LocalUser cmdlet, which gets user account details. Run the command below to get the user's SID:

Get-LocalUser -Name $env:USERNAME | Select sid

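In the above PowerShell script, Get-LocalUser gets the account details of the user named in the environment variable $env:USERNAME and passes the output to the second command. Get-LocalUser only searches the computer's local accounts, so this returns a result when you are signed in with a local account.

The second command, Select sid, returns the SID of the current user.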

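The following is an added example, not code from the original article. It reads the SID from the current logon token, so it also works for a domain logon, and it reports whether the account is a local one that Get-LocalUser can find. The function name Get-CurrentUserSidInfo is hypothetical, and the example assumes it runs on a workstation or member server where Get-LocalUser returns at least one account.

```powershell
# Added example: current user's SID for local and domain logons.
function Get-CurrentUserSidInfo {
    # Identity taken from the process token, not from a name lookup
    $id  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sid = $id.User

    # Every local account SID starts with the machine SID, so read the
    # machine SID from any local account (assumes one exists).
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid

    # AccountDomainSid is $null for SIDs such as S-1-5-18 (LocalSystem)
    $isLocal = [bool]($sid.AccountDomainSid -and $machineSid -and
                      $sid.AccountDomainSid.Equals($machineSid))

    [pscustomobject]@{
        Name           = $id.Name
        SID            = $sid.Value
        IsLocalAccount = $isLocal
        # Look up by SID, not by name: a local account can share its
        # name with the signed-in domain user and have a different SID.
        LocalUserMatch = if ($isLocal) { (Get-LocalUser -SID $sid).Name } else { $null }
    }
}

Get-CurrentUserSidInfo
```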

Get Local User SID in PowerShell

You can get a local user's SID in PowerShell using Get-LocalUser as below:

Get-LocalUser -Name 'garyw' | Select sid

In the above PowerShell script, the Get-LocalUser cmdlet uses the Name parameter to specify the user name, and Select sid retrieves the SID attribute, whose value is the user's SID.

Get AdUser SID in Active Directory

Use the Get-AdUser cmdlet in PowerShell to retrieve an Active Directory user. Its SID attribute holds the user's SID in Active Directory.

Run the following script to retrieve the SID of a user.

Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName

In the above PowerShell script, the Get-ADUser cmdlet gets the user specified by the Identity parameter and selects the user's Name, SID, and UserPrincipalName.

The output of the above script is:

PS C:\Windows\system32> Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName

Name      SID                                           UserPrincipalName
----      ---                                           -----------------
Tom Smith S-1-5-21-1326752099-4012446882-462961959-1103 [email protected]

Get Computer SID in Active Directory

The Get-AdComputer cmdlet in PowerShell gets one or more computer accounts. Its SID attribute holds the computer's SID.

Run the following PowerShell script to retrieve the SID of every computer in Active Directory.

Get-AdComputer -filter * | select Name, SID

In the above PowerShell script, the Get-AdComputer cmdlet gets the computer accounts in Active Directory and uses the pipe operator to select the name and SID of each computer. The output is:

PS C:\Windows\system32> get-adcomputer -filter * | select Name, SID

Name     SID
----     ---
ENGG-PRO S-1-5-21-1326752099-4012446882-462961959-1000
OPER-01  S-1-5-21-1326752099-4012446882-462961959-3104

Get AD Group SID in Active Directory

The Get-AdGroup cmdlet in PowerShell gets one or more Active Directory groups. Its SID attribute holds the group's SID.

Run the following PowerShell script to retrieve the SID of a group.

Get-ADGroup -Identity SalesLeader | Select Name, SID

In the above PowerShell script, the Get-AdGroup cmdlet gets the group specified by the Identity parameter and, using the pipe operator, selects the group's Name and SID.

The output of the above script is:

PS C:\Windows\system32> Get-ADGroup -Identity SalesLeader | Select Name, SID

Name        SID
----        ---
SALESLeader S-1-5-21-1326752099-4012446882-462961959-3105

Get SID of Domain in Active Directory

The Get-AdDomain cmdlet gets Active Directory domain information. Its DomainSID attribute holds the SID of the domain.

Run the following PowerShell script to retrieve the domain SID in Active Directory.

Get-ADDomain -Identity SHELLPRO | Select Name, DomainSID

In the above PowerShell script, the Get-AdDomain cmdlet gets the domain specified by the Identity parameter and pipes the output to Select, which returns the domain's Name and DomainSID.

Get SID of all Domains in Active Directory

Use the Get-AdForest cmdlet to list the domains in the forest, then pass each one to Get-AdDomain to get the SID of every domain in Active Directory.

(Get-ADForest).Domains | ForEach-Object { Get-ADDomain -Server $_ } | Select-Object Name, DomainSID
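The user, computer, and group SIDs shown earlier all consist of a domain SID followed by a relative ID (RID). This added example, which is not part of the original article, splits SIDs into those two parts, checks them against a reference domain SID such as the DomainSID returned by Get-AdDomain, and labels a few well-known RIDs. The function name Get-SidDetail and the sample list are assumptions made for illustration.

```powershell
# Added example (not from the original article). Runs offline: it needs only
# .NET's SecurityIdentifier class, not the ActiveDirectory module.
$WellKnownRids = @{          # a few well-known relative IDs, keyed as text
    '500' = 'Administrator'; '501' = 'Guest';        '502' = 'krbtgt'
    '512' = 'Domain Admins'; '513' = 'Domain Users'; '519' = 'Enterprise Admins'
}

function Get-SidDetail {
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Sid,
        [Parameter(Mandatory)][string]$DomainSid    # e.g. (Get-ADDomain).DomainSID.Value
    )
    process {
        $row = [ordered]@{ SID = $Sid; DomainSid = $null; RID = $null; InDomain = $false; Note = '' }
        try {
            $s = [System.Security.Principal.SecurityIdentifier]::new($Sid)
        } catch {
            $row.Note = 'not a valid SID'          # report it, keep the pipeline going
            return [pscustomobject]$row
        }
        $acct = $s.AccountDomainSid                # $null for SIDs such as S-1-5-18
        if ($acct) {
            $ridText       = $s.Value.Split('-')[-1]
            $row.DomainSid = $acct.Value
            $row.RID       = [uint32]$ridText
            $row.InDomain  = $acct.Value -eq $DomainSid
            if ($WellKnownRids.ContainsKey($ridText)) { $row.Note = $WellKnownRids[$ridText] }
        } else {
            $row.Note = 'no domain part (e.g. well-known SID)'
        }
        [pscustomobject]$row
    }
}

# Constructed input: two SIDs from the article's output plus made-up values.
$domain = 'S-1-5-21-1326752099-4012446882-462961959'   # prefix shared by the article's SIDs
@(
    'S-1-5-21-1326752099-4012446882-462961959-1103'    # Tom Smith (article output)
    'S-1-5-21-1326752099-4012446882-462961959-3105'    # SalesLeader (article output)
    'S-1-5-21-1326752099-4012446882-462961959-500'     # constructed: RID 500
    'S-1-5-21-1111111111-2222222222-3333333333-1103'   # constructed: a different domain
    'S-1-5-18'                                         # LocalSystem
    'S-1-5-21-oops'                                    # constructed: malformed
) | Get-SidDetail -DomainSid $domain | Format-Table -AutoSize
```

The same check is useful when a SID appears in an event log or an ACL and you need to know whether it belongs to your own domain before resolving it.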

Conclusion

I hope the above article on how to get a local user's SID, get the current user's SID, and find the SID of Active Directory users and computers in PowerShell is helpful to you.

You can use Active Directory cmdlets like Get-ADUser, Get-AdComputer, and Get-AdGroup to find the SID of users, computers, and groups in Active Directory.