Active Directory accounts contain the SID in binary form. To convert the byte array into a string representation, use a .NET function like this:
# get current user $searcher = [ADSISearcher]"(&(objectClass=User)(objectCategory=person)(sAMAccountName=$env:username))" $user = $searcher.FindOne().GetDirectoryEntry() # get binary SID from AD account $binarySID = $user.ObjectSid.Value # convert to string SID $stringSID = (New-Object System.Security.Principal.SecurityIdentifier($binarySID,0)).Value $binarySID $stringSID
In this example, an ADSI searcher gets the current user account (provided the currently logged on user is logged on to a domain). Then, the binary SID is converted to a string SID.