User name by SID?

Question

How can I determine user name and domain if all I have is the user's SID?

score 4 · Answer 1 · answered Apr 26 '10 at 10:20

4

psgetsid from SysInternals PSTools will do this. Put a SID on the command line it will give you the user/group name, and visa-versa.

answered Apr 26 '10 at 10:20

Richard

5,374

score 3 · Accepted Answer · answered Apr 26 '10 at 06:14

ADFind can do this. The list of options is here. For example, you might do something like this to export a list of users with their SID:

adfind -h domaincontroller01:389 -b "CN=Users,DC=domain,DC=com" -f "(objectClass=user)" objectSID displayName

You can run ADFind from any box as long as it can reach a domain controller. Obviously you would replace domaincontroller01 with the name or IP of a domain controller and change the "CN=Users,DC=domain,DC=com" to reflect the path to the users in question.

score 3 · Answer 3 · answered Apr 26 '10 at 14:15

Fire up windows powershell and run:

$strSID="S-1-5-21-500000003-1000000000-1000000003-1001"
$uSid = [ADSI]"LDAP://<SID=$strSID>"
echo $uSid

the output should look something like this,

distinguishedName : {CN=John Doe,OU=Domain Admins,OU=People,OU=xxx,DC=xxx}
Path              : LDAP://<SID=S-1-5-21-500000003-1000000000-1000000003-1001>

score 0 · Answer 4 · answered Aug 17 '10 at 21:07

Open regedit (Windows-R regedit)
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Click on the subkeys (something like S-1-5-19)
Look at the ProfileImagePath (it'll have something like %SystemDrive%\Documents and Settings\LocalService).

So in this example SID S-1-5-19 is LocalService

User name by SID?

4 Answers4