How to convert SID to account name in PowerShell?

This question is inspired by a similar question using the C# tag. If I have a Windows SID and would like to convert it to a readable account name, how can I achieve this using PowerShell instead of C#?

I currently have the following code that retrieves group membership for the current user account:

$Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent();
$Identity.Groups;

The results of the Groups property do not give me any account names, only SIDs. If I pass the output from the Groups property to the PowerShell cmdlet Get-Member, I see that the resulting objects are System.Security.Principal.SecurityIdentifier objects. However, looking at the documentation (and Intellisense) for the Groups property shows that it returns an IdentityReferenceCollection object.

How do I convert these SecurityIdentifier objects to proper names?

+4
3 answers

The solution is to use the .Translate() method of the SecurityIdentifier class. The only parameter for this method is a reference to the .NET type that you would like to convert the SecurityIdentifier to. If you look at this answer to a similar C# question, you will see that you can just pass a reference to the System.Security.Principal.NTAccount class.

The resulting code will look something like this:

$Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent();
foreach ($Group in $Identity.Groups) {
    $Group.Translate([System.Security.Principal.NTAccount]).Value;
}
+6

One way to resolve SIDs to account names is to use the Win32_SID class:

PS C:\> $sid = 'S-1-5-18'
PS C:\> [wmi]"Win32_SID.SID='$sid'"


__GENUS              : 2
__CLASS              : Win32_SID
__SUPERCLASS         :
__DYNASTY            : Win32_SID
__RELPATH            : Win32_SID.SID="S-1-5-18"
__PROPERTY_COUNT     : 5
__DERIVATION         : {}
__SERVER             : CARBON
__NAMESPACE          : root\cimv2
__PATH               : \\CARBON\root\cimv2:Win32_SID.SID="S-1-5-18"
AccountName          : SYSTEM
BinaryRepresentation : {1, 1, 0, 0...}
ReferencedDomainName : NT-AUTHORITY
SID                  : S-1-5-18
SidLength            : 12
PSComputerName       : CARBON
+7

It looks like you already have an answer. I wrote a wrapper a while back that also checks a list of known SIDs, if it helps: ConvertFrom-SID

The general way to print this would be the following, where $sid contains the SID string:

$sid = '<SIDGoesHere>';
$objSID = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $sid;
$name = $objSID.Translate([System.Security.Principal.NTAccount]).Value;

Hooray!

+2
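
The .Translate() call used in the answers above throws when a SID has no account behind it (for example, a deleted account) or when the string is not a SID. The following is an added example, not code from any of the answers, that returns a status for each input; Resolve-SidName is a hypothetical helper name, the sample SIDs are constructed, and PowerShell 5.0 or later is assumed for the ::new() syntax.

```powershell
# Added example: Resolve-SidName is a hypothetical helper, not a built-in cmdlet.
function Resolve-SidName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Sid
    )
    process {
        foreach ($s in $Sid) {
            $account = $null
            $status  = 'Resolved'
            try {
                $objSid  = [System.Security.Principal.SecurityIdentifier]::new($s)
                $account = $objSid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # .NET exceptions arrive wrapped by PowerShell; inspect the root cause.
                $cause = $_.Exception.GetBaseException()
                if ($cause -is [System.Security.Principal.IdentityNotMappedException]) {
                    $status = 'NotMapped'      # well-formed SID, no account behind it
                }
                elseif ($cause -is [System.ArgumentException]) {
                    $status = 'InvalidSid'     # string is not a SID at all
                }
                else {
                    throw                      # any other lookup failure: do not hide it
                }
            }
            [pscustomobject]@{ Sid = $s; Account = $account; Status = $status }
        }
    }
}

# Constructed sample input: two well-known SIDs, a made-up domain SID, a malformed string.
$samples = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-21-1111111111-2222222222-3333333333-1234', 'not-a-sid'
$samples | Resolve-SidName | Format-Table -AutoSize

# The same helper applied to the current user's group SIDs from the question.
$Identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$Identity.Groups.Value | Resolve-SidName | Format-Table -AutoSize
```

Rows with Status NotMapped keep the raw SID, so unresolved entries stay visible in the output and do not abort the loop.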

Source: https://habr.com/ru/post/1531211/