Security Identifier(SID): GetSID of a user,object using Registry, WMIC, PowerShell

At times, we are in a situation when need to identify the SID of any object. The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups. For more information Refer here 

We have different ways to identify the SID of any object. However, my main objective of writing this blog is to point out the PowerShell option, I will still list out other options.


1. Using PSGetSID

We can use this sysinternal’s tool PsGetSid but you will have to download this and than run this.

2. By looking at the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

We can look at these registry hives at following path. Each of the item at this hive is named with the SID of the account. By looking at the ProfileImagePath key under specific account’s hive, you can identify the account’s name. Like below, we can see this is for “NetworkService” account.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList


Also, like below, selected item is for a user named “gaurav” and it’s SID is the name of the hive.



This approach has one limitation which is you can only get the SID of either a local user or a domain user who has logged in at least once onto this machine.


There is this approach which we can use and will work in all of the cases except on any OS prior to Windows XP. We will use WMI commands to find out the SID of any user within the network. Like below, in the following command, gauravtestMachine is the computer name.

wmic useraccount where (name='administrator' and domain='gauravtestMachine') get name,sid

Name           SID
administrator  S-1-5-21-1976753858-2077894621-3616986626-500


We can run the same command if we want to get the SID of a domain user by replacing domain value with the actual value.


4. Using PowerShell

Since the focus is on PowerShell, I have give a feWe have got yet another option to fetch the SID using the PowerShell command which i think is the most suitable and convenient option.  Here is the command. Please remember that this command has to be exactly like this. If you put an extra space, that can cause a problem.

A. For a domain user

PS C:\Users\Administrator> [wmi] "win32_userAccount.Domain='webfarm',Name='testuser'"

AccountType : 512
Caption     : webfarm\testuser
Domain      : webfarm
SID         : S-1-5-21-2536614405-3629634762-1218571035-1116
FullName    : Test User
Name        : testuser




B. For a local user, 

You just have to replace the Domain value with the computer name and your command should look like this.

PS C:\Users\gaarya> [wmi] "Win32_userAccount.Domain='gauravkarya',Name='Administrator'"

AccountType : 512
Caption     : gauravkarya\Administrator
Domain      : gauravkarya
SID         : S-1-5-21-1976753858-2077894621-3616986626-500
FullName    :
Name        : Administrator



Alternatively, you can also use PowerShell cmdlet Get-WmiObject rather than using [WMI]. Get-WmiObject is just a PowerShell way of using WMI.

PS C:\Users\Administrator> Get-WmiObject win32_useraccount -Filter "name = 'testuser' AND domain = 'webfarm'"

AccountType : 512
Caption     : WEBFARM\testuser
Domain      : WEBFARM
SID             :  S-1-5-21-2536614405-3629634762-1218571035-1116
FullName    : Test User
Name         : testuser



I think that above PowerShell approach is the easiest one. However, you find yet another way of doing this only using PowerShell cmdlets here Windows PowerShell Tip of the Week.


Please feel free to write the feedback.












Comments (8)
  1. The PowerShell Guy in Trouble says:

    This is great for finding the SID, but what about when I want it to stay the same after a sysprep or if I want to take the original SID from account before it was syspreped.  

  2. Vincent Sanchez says:

    For a domain user, you can use the command whoami with the /user switch in the commandline.

    C:UsersUser>whoami /user

    Seems easiest for me.

  3. Vincent Sanchez says:

    forgot to indicate the the earlier command (whoami /user)  is for the currently logged user only.

  4. Thanks Vincent for bringing this up.

    Yes that option is also there. I did not mention since this works only for current logged in user.

  5. Sam Samuelson says:

    What would be the PowerShell command if you wanted to find the SID for all of the users in your domain (about 200)?

  6. Doug Fessler says:

    great article…. Thanks

  7. aenagy says:

    How would you find the name of the RID500 user account (ADSAdministrator) without resorting to something like: Get-WmiObject Win32_Account -Filter “Domain=’$TargetDomain’ and SID Like ‘%-500’ ” which searches all accounts in the domain. Or, to put it another way, how would you find the SID of the domain? (and then append “-500”)

Comments are closed.

Skip to main content