Identify an AD object from the SID

Posted on September 2, 2018September 2, 2018 by Alan

Convert-SidToADObject will take an AD SID and return an object containing the object’s name, SamAccountName, Description, type and distinguished name.

function Convert-SidToADObject($sid) {
    $u = [adsi]("LDAP://<SID=" + $sid + ">")
    if ($u.SamAccountName) {
        [psCustomObject]@{
            Name              = $u.Name.value
            SamAccountName    = $u.samAccountName.value
            Description       = $u.description.value
            Type              = $u.objectclass.Value[1]
            DistinguishedName = $u.distinguishedName.value 
        }
    }
    Else {
        "Lookup Failed"
    }
}

This function shows the relatively obscure binding string for SIDs in AD. It uses the ADSI accelerator, so it doesn’t require the ActiveDirectory module.

You must be logged in to post a comment.

All the scripts are saved as .txt files. Newer files have a “View Script” button which will let you save or open a script in notepad. For earlier posts, the easiest way to download with IE is to right click on the link and use “Save Target As”. Rename file from Name_ext.txt to Name.ext.

To see a full post after searching, please click on the title.

PowerShell Scripts were written with version 3 or later.

https connections are supported.

All new users accounts must be approved, as are comments. Please be patient. If you find a post error or a script which doesn’t work as expected, I appreciate being notified. My email is my first name at the domain name, and you are welcome to contact me that way.

Leave a Reply