
How To Find The SID Of A User Account In Active Directory?

Published Aug 29, 2025

Finding a Security Identifier (SID) for a user account in Active Directory (AD) is a routine task for administrators and cybersecurity professionals.

The SID is a unique, unchangeable value used internally by Windows to identify a security principal, such as a user, group, or computer. Unlike a username, which can be changed, a SID remains consistent throughout the object's life, making it a reliable identifier for auditing and access control.

The following methods provide multiple ways to find a user's SID, ranging from graphical user interface (GUI) tools to command-line utilities.

Method 1: Using Active Directory Users and Computers (ADUC)

This GUI-based method is straightforward and is ideal for finding the SID of an individual user.

  1. Open ADUC by pressing Win + R and typing dsa.msc, then pressing Enter.
  2. Click View in the top menu and select Advanced Features. This is a crucial step that reveals the advanced properties of AD objects.
  3. Navigate to the user account you want to inspect. Right-click the account and select Properties.
  4. In the properties window, click the Attribute Editor tab.
  5. Scroll down to the objectSID attribute. The value listed is the user's SID.

Method 2: Using PowerShell

PowerShell is a powerful and efficient tool for retrieving information from Active Directory. This method is highly recommended for scripting and automating bulk operations.

For a single user

To find the SID for a specific user, use the Get-ADUser cmdlet.

  1. Open PowerShell with the Active Directory module installed.
  2. Run the following command, replacing johndoe with the user's SamAccountName:

     Get-ADUser -Identity johndoe | Select-Object Name, SID

For all users

To list the SID for all users in the domain, use this command:

Get-ADUser -Filter * | Select-Object Name, SID

For users in a specific Organizational Unit (OU)

To narrow your search, use the -SearchBase parameter to target a specific OU. Replace the distinguished name with your specific OU path.

Get-ADUser -Filter * -SearchBase "OU=Users,DC=yourdomain,DC=com" | Select-Object Name, SID

To convert a SID to a username

If you only have a SID, you can use PowerShell to find the corresponding username.

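# Define the SID
$sid = "S-1-5-21-..."
# Find the object and display the SamAccountName.
# Get-ADObject does not return SamAccountName by default, so request it explicitly.
Get-ADObject -Filter "objectSid -eq '$sid'" -Properties SamAccountName | Select-Object SamAccountName, objectClass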


Method 3: Using Command Prompt

The wmic (Windows Management Instrumentation Command-line) utility can be used in the Command Prompt to quickly find a SID. Microsoft has deprecated wmic, so it may not be available on newer Windows installations.

For a specific user

  1. Open the Command Prompt as an administrator.
  2. Use the wmic command, replacing "username" with the user's name:

     wmic useraccount where name="username" get sid

For all users

To display a list of all user accounts and their SIDs, use this command:

wmic useraccount get name,sid

Method 4: Using AD Explorer

AD Explorer is a free, powerful tool from Sysinternals (now part of Microsoft) that provides a detailed view of Active Directory.

  1. Download and run AD Explorer from the Sysinternals website.
  2. Connect to your Active Directory domain.
  3. Navigate to the user object.
  4. The properties pane will display the objectSid attribute and its value.

Method 5: Using whoami

For a quick check on the currently logged-in user, you can use the whoami command.

  1. Open the Command Prompt or PowerShell.
  2. Type whoami /user and press Enter. The command displays the user name and SID of the account that owns the current session.

Understanding the Security Identifier (SID)

A SID is not just a random string of characters; it has a specific structure. A typical SID, such as S-1-5-21-3623811015-3361044348-30300820-1013, breaks down as follows:

  • S: Indicates that the string is a SID.
  • 1: The revision level of the SID specification.
  • 5: The identifier authority, indicating the top-level authority that issued the SID (5 refers to NT Authority).
  • 21-3623811015-3361044348-30300820: The domain or computer-specific identifier. This value is unique for every domain and local machine.
  • 1013: The Relative Identifier (RID). This number is unique to the specific user or group within the domain.

The immutability of the SID's domain identifier and RID ensures that permissions remain associated with the object even if its name changes. If a user is deleted and a new user is created with the same name, they will receive a completely new, unique SID.
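
The breakdown above can be checked against the binary form that AD stores in the objectSid attribute. The following is an added example, not code from the original article: it uses the .NET SecurityIdentifier class on Windows, Split-Sid is a hypothetical helper name, and S-1-5-18 (Local System) is a well-known SID included for contrast.

```powershell
# Added example. Split-Sid is a hypothetical helper name, not a built-in cmdlet.
function Split-Sid {
    param([Parameter(Mandatory)][string]$Sid)

    # The .NET class validates the string and throws on malformed input.
    $obj = [System.Security.Principal.SecurityIdentifier]::new($Sid)

    # Binary layout, as stored in the objectSid attribute:
    #   byte 0     revision
    #   byte 1     number of sub-authorities
    #   bytes 2-7  identifier authority, big-endian
    #   then one little-endian 32-bit value per sub-authority
    $bytes = [byte[]]::new($obj.BinaryLength)
    $obj.GetBinaryForm($bytes, 0)

    $authority = [long]0
    foreach ($b in $bytes[2..7]) {
        $authority = ($authority -shl 8) -bor $b
    }

    $subAuthorities = @(
        for ($i = 0; $i -lt $bytes[1]; $i++) {
            [System.BitConverter]::ToUInt32($bytes, 8 + 4 * $i)
        }
    )

    [pscustomobject]@{
        Sid                 = $obj.Value
        Revision            = $bytes[0]
        IdentifierAuthority = $authority
        SubAuthorities      = $subAuthorities -join '-'
        # AccountDomainSid is $null for SIDs that are not account SIDs,
        # for example well-known SIDs such as S-1-5-18 (Local System).
        DomainSid           = $obj.AccountDomainSid
        Rid                 = $subAuthorities[-1]
    }
}

# The example SID from the article, plus one well-known SID for contrast.
'S-1-5-21-3623811015-3361044348-30300820-1013', 'S-1-5-18' |
    ForEach-Object { Split-Sid -Sid $_ } |
    Format-List
```

For the article's SID, DomainSid is the S-1-5-21-... prefix without the final 1013 and Rid is 1013; for S-1-5-18, DomainSid is empty because the SID carries no domain identifier.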
