Let’s go backwards. We figured out how to get a user name out of a SID earlier:
How do we get the SID from a user name? It turns out that’s not quite as easy:
$ntAccount = new-object System.Security.Principal.NTAccount($env:userDomain, $env:userName) ;
$sid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]).value;
The above assumes that I’m looking for my own SID. Change $env:userName to suit. Why did I look for this? So I can get the AD object for a given username. Paired with the initial SID-to-username cryptogram earlier, this makes it easy.