{"id":70883,"date":"2004-12-03T17:33:00","date_gmt":"2004-12-03T17:33:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2004\/12\/03\/how-can-i-determine-the-sid-for-a-user-account\/"},"modified":"2004-12-03T17:33:00","modified_gmt":"2004-12-03T17:33:00","slug":"how-can-i-determine-the-sid-for-a-user-account","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/how-can-i-determine-the-sid-for-a-user-account\/","title":{"rendered":"How Can I Determine the SID for a User Account?"},"content":{"rendered":"<p><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Question\" height=\"34\" alt=\"Hey, Scripting Guy! Question\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" align=\"left\" border=\"0\"> \n<P>Hey, Scripting Guy! How can I determine the SID for a user account?<BR><BR>&#8212; MD<\/P><IMG height=\"5\" alt=\"Spacer\" src=\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\" width=\"5\" border=\"0\"><IMG class=\"nearGraphic\" title=\"Hey, Scripting Guy! Answer\" height=\"34\" alt=\"Hey, Scripting Guy! Answer\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" align=\"left\" border=\"0\"><A href=\"http:\/\/go.microsoft.com\/fwlink\/?linkid=68779&amp;clcid=0x409\"><IMG class=\"farGraphic\" title=\"Script Center\" height=\"288\" alt=\"Script Center\" src=\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" width=\"120\" align=\"right\" border=\"0\"><\/A> \n<P>Hey, MD. For those of you whose eyes glaze over any time they see an acronym (not that we blame you), SID is short for Security Identifier. A SID is a unique ID string (e.g., S-1-5-21-1454471165-1004336348-1606980848-5555) that is assigned to each account created in a domain or on a local computer. 
For our purposes, we\u2019ll just say that a SID is how the operating system keeps track of accounts. For example, you can rename the Administrator account on a computer and still use that account to function as an administrator because Windows doesn\u2019t really care what the name is; Windows still knows that this account is the Administrator account because the SID remains the same regardless of the account name. It\u2019s like your Social Security Number which &#8211; assuming you haven\u2019t had your identity hijacked &#8211; uniquely identifies <I>you<\/I> regardless of the name you go by.<\/P>\n<P>Most of the time you don\u2019t need to worry about SIDs, which is good: obviously it\u2019s easier to deal with an account name like kenmyer than it is to deal with a SID like S-1-5-21-1454471165-1004336348-1606980848-5555. However, there are times when it\u2019s useful to know which SID goes with which user account. WMI\u2019s security classes, for example, rely on SIDs; likewise, the Windows registry tracks user profiles by SID rather than by name (take a look at HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList to see what we mean). You might be able to live your entire scripting life without ever needing to know a user\u2019s SID. But, then again \u2026.<\/P>\n<P>So how do we find a user\u2019s SID? Well, we use a script similar to this, which returns the SID for the user <B>kenmyer<\/B> with an account in the <B>fabrikam<\/B> domain:<\/P><PRE class=\"codeSample\">strComputer = &quot;.&quot;\nSet objWMIService = GetObject(&quot;winmgmts:\\\\&quot; &amp; strComputer &amp; &quot;\\root\\cimv2&quot;)<\/p>\n<p>' Bind to a single Win32_UserAccount instance by its key properties (Name and Domain)\nSet objAccount = objWMIService.Get _\n    (&quot;Win32_UserAccount.Name='kenmyer',Domain='fabrikam'&quot;)\nWscript.Echo objAccount.SID\n<\/PRE>\n<P>As you can see, the SID is practically longer than the script. 
All we do here is connect to the WMI service, and then use the <B>Get<\/B> method to bind to a specified instance of the Win32_UserAccount class. Notice we don\u2019t use ExecQuery and return a collection of all the SIDs in our domain; that won\u2019t work. Instead, we have to use Get and specify a particular user account. After that, it\u2019s simply a matter of echoing the SID, which we do in the last line of the script.<\/P>\n<P>Incidentally, this works just as well for local user accounts. The only difference is that you don\u2019t specify a domain name for the <B>Domain<\/B> parameter; instead, you specify the name of the local computer. For example, this script returns the SID for the local user account <B>kenmyer<\/B> on the computer <B>atl-ws-01<\/B>:<\/P><PRE class=\"codeSample\">strComputer = &quot;.&quot;\nSet objWMIService = GetObject(&quot;winmgmts:\\\\&quot; &amp; strComputer &amp; &quot;\\root\\cimv2&quot;)<\/p>\n<p>' For a local account, Domain is the name of the local computer\nSet objAccount = objWMIService.Get _\n    (&quot;Win32_UserAccount.Name='kenmyer',Domain='atl-ws-01'&quot;)\nWscript.Echo objAccount.SID\n<\/PRE>\n<P>Pretty slick, huh?<\/P>\n<P>Of course, it\u2019s possible that you might need to go the other direction; that is, you might have a SID and need to know which account that SID belongs to. Can you do that? Of course you can:<\/P><PRE class=\"codeSample\">strComputer = &quot;.&quot;\nSet objWMIService = GetObject(&quot;winmgmts:\\\\&quot; &amp; strComputer &amp; &quot;\\root\\cimv2&quot;)<\/p>\n<p>' Bind to the Win32_SID instance whose key is the SID string\nSet objAccount = objWMIService.Get _\n    (&quot;Win32_SID.SID='S-1-5-21-1454471165-1004336348-1606980848-5555'&quot;)\nWscript.Echo objAccount.AccountName\nWscript.Echo objAccount.ReferencedDomainName\n<\/PRE>\n<P>The big difference here is that instead of getting an instance of the Win32_UserAccount class we get an instance of the Win32_SID class (and note that we pass the SID as the parameter to the Get method). 
As soon as we\u2019ve retrieved that instance, we echo the account name and domain name, and we\u2019re off and running.<\/P><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hey, Scripting Guy! How can I determine the SID for a user account?&#8212; MD Hey, MD. For those of you whose eyes glaze over any time they see an acronym (not that we blame you), SID is short for Security Identifier. A SID is a unique ID string (e.g., S-1-5-21-1454471165-1004336348-1606980848-5555) that is assigned to each [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,3,20,5],"class_list":["post-70883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-scripting-guy","tag-user-accounts","tag-vbscript"],"acf":[],"blog_post_summary":"<p>Hey, Scripting Guy! How can I determine the SID for a user account?&#8212; MD Hey, MD. For those of you whose eyes glaze over any time they see an acronym (not that we blame you), SID is short for Security Identifier. 
A SID is a unique ID string (e.g., S-1-5-21-1454471165-1004336348-1606980848-5555) that is assigned to each [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70883"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}