Finding Active Directory Accounts by SID

by Oct 24, 2013

If you know a SID and would like to find the corresponding Active Directory account, LDAP queries won't work well. For them to work, you would have to reformat the SID to match the LDAP formatting rules, which is not a trivial task.

A much easier way uses an LDAP path. Let's assume you have a string SID in the $SID variable, and you would like to find the Active Directory account tied to it. Try this:

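$SID = '<enter SID here>'   # like S-1-5-21-1234567-...
# Bind directly to the object by its SID instead of searching for it
$account = [ADSI]"LDAP://<SID=$SID>"
# Show the bound object, then only its distinguished name
$account
$account.distinguishedName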
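
The same SID binding wrapped for bulk use, for example when resolving SIDs collected from ACLs or event logs. This is an added example, not part of the original tip: Resolve-SidToAccount is a hypothetical helper name, the SIDs at the bottom are constructed placeholders, and a domain-joined Windows machine is assumed. It goes slightly beyond the tip by also emitting the hex-escaped objectSid filter, which is the reformatting the tip describes as non-trivial.

```powershell
# Added example: Resolve-SidToAccount is a hypothetical helper, not a built-in cmdlet.
function Resolve-SidToAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Sid
    )
    process {
        foreach ($s in $Sid) {
            $result = [pscustomobject]@{
                Sid = $s; Status = 'Unknown'; SamAccountName = $null
                ObjectClass = $null; DistinguishedName = $null; LdapFilter = $null
            }
            try {
                # Reject malformed input before it is placed into an LDAP path
                $sidObj = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
                                     -ArgumentList $s -ErrorAction Stop
            } catch {
                $result.Status = 'InvalidSid'
                $result
                continue
            }
            # Filter form of the same SID: every byte of the binary SID, hex-escaped
            $bytes = New-Object byte[] ($sidObj.BinaryLength)
            $sidObj.GetBinaryForm($bytes, 0)
            $escaped = ($bytes | ForEach-Object { '\{0:x2}' -f $_ }) -join ''
            $result.LdapFilter = "(objectSid=$escaped)"

            $path = "LDAP://<SID=$($sidObj.Value)>"
            try {
                if ([System.DirectoryServices.DirectoryEntry]::Exists($path)) {
                    $entry = [ADSI]$path
                    $result.Status            = 'Found'
                    $result.SamAccountName    = [string]$entry.sAMAccountName
                    $result.ObjectClass       = [string]$entry.psbase.SchemaClassName
                    $result.DistinguishedName = [string]$entry.distinguishedName
                } else {
                    $result.Status = 'NotFound'   # e.g. the account has been deleted
                }
            } catch {
                $result.Status = "Error: $($_.Exception.Message)"
            }
            $result
        }
    }
}

# Constructed sample input: placeholder values, not real accounts
'S-1-5-21-1111111111-2222222222-3333333333-1105', 'not-a-sid' | Resolve-SidToAccount
```

SIDs that come back as NotFound are worth a second look, since an unresolvable SID still present in an ACL or group usually belongs to a removed account.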
