Skip to main content

ConvertTo-NTAccountOrSID

SYNOPSISโ€‹

Convert between NT Account names and their security identifiers (SIDs).

SYNTAXโ€‹

NTAccountToSIDโ€‹

ConvertTo-NTAccountOrSID -AccountName <String> [<CommonParameters>]

SIDToNTAccountโ€‹

ConvertTo-NTAccountOrSID -SID <String> [<CommonParameters>]

WellKnownNameโ€‹

ConvertTo-NTAccountOrSID -WellKnownSIDName <String> [-WellKnownToNTAccount] [<CommonParameters>]

DESCRIPTIONโ€‹

Specify either the NT Account name or the SID and get the other. Can also convert well known sid types.

EXAMPLESโ€‹

EXAMPLE 1โ€‹

ConvertTo-NTAccountOrSID -AccountName 'CONTOSO\User1'

Converts a Windows NT Account name to the corresponding SID

EXAMPLE 2โ€‹

ConvertTo-NTAccountOrSID -SID 'S-1-5-21-1220945662-2111687655-725345543-14012660'

Converts a Windows NT Account SID to the corresponding NT Account Name

EXAMPLE 3โ€‹

ConvertTo-NTAccountOrSID -WellKnownSIDName 'NetworkServiceSid'

Converts a Well Known SID name to a SID

PARAMETERSโ€‹

-AccountNameโ€‹

The Windows NT Account name specified in <domain><username> format. Use fully qualified account names (e.g., <domain><username>) instead of isolated names (e.g, <username>) because they are unambiguous and provide better performance.

Type: String
Parameter Sets: NTAccountToSID
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SIDโ€‹

The Windows NT Account SID.

Type: String
Parameter Sets: SIDToNTAccount
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WellKnownSIDNameโ€‹

Specify the Well Known SID name translate to the actual SID (e.g., LocalServiceSid).

To get all well known SIDs available on system: [Enum]::GetNames([Security.Principal.WellKnownSidType])

Type: String
Parameter Sets: WellKnownName
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WellKnownToNTAccountโ€‹

Convert the Well Known SID to an NTAccount name

Type: SwitchParameter
Parameter Sets: WellKnownName
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParametersโ€‹

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTSโ€‹

System.Stringโ€‹

Accepts a string containing the NT Account name or SID.โ€‹

OUTPUTSโ€‹

System.Stringโ€‹

Returns the NT Account name or SID.โ€‹

NOTESโ€‹

This is an internal script function and should typically not be called directly.

The conversion can return an empty result if the user account does not exist anymore or if translation fails.

http://blogs.technet.com/b/askds/archive/2011/07/28/troubleshooting-sid-translation-failures-from-the-obvious-to-the-not-so-obvious.aspx

https://psappdeploytoolkit.com

http://msdn.microsoft.com/en-us/library/system.security.principal.wellknownsidtype(v=vs.110).aspx