SID Query in Command Prompt and PowerShell

Check Windows User SID

For system administrators, querying information about the environment and configuration is an everyday job. One of these information is the Security Identifier (SID), which is used by Windows to identify users and groups. User names on a network can be duplicated, so that there is no conflict, each user is assigned a unique SID.

When assowing user rights, Windows uses the SID defined for that purpose. A SID is roughly similar to a Globally Unique Identifier (GUID) that each object in Windows owns. However, SIDs receive only security-relevate objects, because the SID is used for authentication of authenticity.

This SID identifies the user across the network. Even if the user’s name is changed, the SID persists, the user on the network is deleted and his SID is unchanged.

Structure of my SID

S-1-5-21–4147432549-3588766049-1627529166-1001

The SID (Security Identifier) tokens have the following meanings:

SIt is a SID
1Revision
5Identifier Authority
18System profiles
19Localservice
20Networkservice
21User profile
4147432549-3588766049-1627529166Domain ID, Computer ID
1001User ID (RID)

Table with SID of system accounts

SID Queries

If you want to query the SID of all user accounts, you can do so with the following command in a Command Prompt (cmd).

All SIDs and user names are output.

Here are the SIDs of the local accounts. For a query in a network domain, there may be some more.

Computer and domain SIDs consist of a base SID and a relative ID (RID) appended to the base SID. If the computer belongs to a domain, another SID comes into play. The computer still has its own computer SID and local accounts and groups, but is also a member of a domain and therefore has a SID that represents the computer account in that domain. The SID of a computer account consists of the SID of the administrator account, minus the RID, which is omitted last 3 bit or 4 bit (500).

If a user’s SID is to be specifically queried, such as his own SID, this can be done with the following command.

If you want to know another user’s SID, you can specify a user instead of %username%, e.g., john.

The following command detects the SID of the user who is currently logged on in an AD domain.

In the opposite way, it is also possible to query the user name of a SID.

In the PowerShell, the query looks like this.

The user name and SID of the user logged on to the company domain is output.

For example, you can use the SID to find the ProfileImagePath for the user profile in the registry in order to make repairs or adjustments. The SID is also used as an ObjectID in SQL tables to identify and authorize users from Active Directory in an application, such as Dynamics AX.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\NT-CurrentVersion\ProfileList

Leave a Reply

Your email address will not be published. Required fields are marked *