Security Identifier(SID): GetSID of a user,object using Registry, WMIC, PowerShell

At times, we are in a situation when need to identify the SID of any object. The security identifier (SID) structure is a variable-length structure used to uniquely identify users or groups. For more information Refer here 

We have different ways to identify the SID of any object. However, my main objective of writing this blog is to point out the PowerShell option, I will still list out other options.


1. Using PSGetSID

We can use this sysinternal’s tool PsGetSid but you will have to download this and than run this.

2. By looking at the Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

We can look at these registry hives at following path. Each of the item at this hive is named with the SID of the account. By looking at the ProfileImagePath key under specific account’s hive, you can identify the account’s name. Like below, we can see this is for “NetworkService” account.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList


Also, like below, selected item is for a user named “gaurav” and it’s SID is the name of the hive.



This approach has one limitation which is you can only get the SID of either a local user or a domain user who has logged in at least once onto this machine.


There is this approach which we can use and will work in all of the cases except on any OS prior to Windows XP. We will use WMI commands to find out the SID of any user within the network. Like below, in the following command, gauravtestMachine is the computer name.

wmic useraccount where (name='administrator' and domain='gauravtestMachine') get name,sid

Name           SID
administrator  S-1-5-21-1976753858-2077894621-3616986626-500


We can run the same command if we want to get the SID of a domain user by replacing domain value with the actual value.


4. Using PowerShell

Since the focus is on PowerShell, I have give a feWe have got yet another option to fetch the SID using the PowerShell command which i think is the most suitable and convenient option.  Here is the command. Please remember that this command has to be exactly like this. If you put an extra space, that can cause a problem.

A. For a domain user

PS C:\Users\Administrator> [wmi] "win32_userAccount.Domain='webfarm',Name='testuser'"

AccountType : 512
Caption     : webfarm\testuser
Domain      : webfarm
SID         : S-1-5-21-2536614405-3629634762-1218571035-1116
FullName    : Test User
Name        : testuser




B. For a local user,  

You just have to replace the Domain value with the computer name and your command should look like this.

PS C:\Users\gaarya> [wmi] "Win32_userAccount.Domain='gauravkarya',Name='Administrator'"

AccountType : 512
Caption     : gauravkarya\Administrator
Domain      : gauravkarya
SID         : S-1-5-21-1976753858-2077894621-3616986626-500
FullName    :
Name        : Administrator



Alternatively, you can also use PowerShell cmdlet Get-WmiObject rather than using [WMI]. Get-WmiObject is just a PowerShell way of using WMI.

PS C:\Users\Administrator> Get-WmiObject win32_useraccount -Filter "name = 'testuser' AND domain = 'webfarm'"

AccountType : 512
Caption     : WEBFARM\testuser
Domain      : WEBFARM
SID             :  S-1-5-21-2536614405-3629634762-1218571035-1116
FullName    : Test User
Name         : testuser



I think that above PowerShell approach is the easiest one. However, you find yet another way of doing this only using PowerShell cmdlets here Windows PowerShell Tip of the Week.


Please feel free to write the feedback.