Wednesday, December 17, 2014

Get the Domain Given a SecurityIdentifier (SID)

Somebody asked how to get the domain name, given the SID of an object.  There are at least a couple of ways.

One uses the Get-ADDomain command in the ActiveDirectory module.  This works because the Identity parameter accepts the domain SID (nice).

Another way is to use the Translate method of the SecurityIdentifier class to translate the SID to an NTAccount, which has the account name in the format Domain\Account.

### Create a new Security Identifier Object

$sid = New-Object System.Security.Principal.SecurityIdentifier "S-1-5-21-2627401586-940742709-677887653-1013"

 

### Get the AD Domain for that SID

Get-ADDomain -Identity $sid.AccountDomainSid

 

### Translate to an NTAccount (REDMOND\FOO)

$sid.Translate([System.Security.Principal.NTAccount])
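
Both approaches have failure cases worth handling when you resolve SIDs pulled from logs or ACLs: AccountDomainSid is $null for SIDs that are not account SIDs, and Translate throws IdentityNotMappedException when the SID cannot be resolved. The following is an added example, not code from the original post; the function name Resolve-SidDomain and the second sample SID are assumptions made for illustration.

```powershell
# Added example. Resolve-SidDomain is a hypothetical helper name, not a built-in cmdlet.
function Resolve-SidDomain {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$SidString)
    process {
        try {
            # The constructor throws on a malformed SID string.
            $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
                              -ArgumentList $SidString -ErrorAction Stop
        } catch {
            Write-Error "Not a valid SID string: $SidString"
            return
        }
        # $null for SIDs that are not account SIDs (S-1-5-21-...), such as BUILTIN groups.
        $domainSid = $sid.AccountDomainSid
        $account = $null
        $domain = $null
        try {
            $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
            if ($account.Contains('\')) { $domain = $account.Split('\')[0] }
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Unresolvable SID: deleted object, or a domain this machine cannot reach or does not trust.
        }
        # Fall back to the directory lookup when Translate gave no domain and the module is available.
        if (-not $domain -and $domainSid -and (Get-Command Get-ADDomain -ErrorAction SilentlyContinue)) {
            try {
                $domain = (Get-ADDomain -Identity $domainSid -ErrorAction Stop).NetBIOSName
            } catch {
                # A local-machine account SID also has an AccountDomainSid, but no AD domain matches it.
            }
        }
        [pscustomobject]@{
            Sid       = $sid.Value
            DomainSid = if ($domainSid) { $domainSid.Value } else { $null }
            Account   = $account
            Domain    = $domain
        }
    }
}

# Constructed sample input: the SID from the post plus the well-known BUILTIN\Administrators SID.
'S-1-5-21-2627401586-940742709-677887653-1013', 'S-1-5-32-544' | Resolve-SidDomain
```

An empty Account column means the SID did not translate, which is common for deleted accounts still referenced in ACLs.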

 
