Convert System.Byte[] SID to readable SID

Hello,

Today, I’ll show you a nice trick for those who don’t have the pleasure of the Active Directory Web Services with the Active Directory PowerShell module.

To query a AD, without the module, you need to use [ADSI] or [ADSISeacher] object type like that :

[adsi]"LDAP://CN=Administrator,CN=Users,DC=D2K12R2,DC=local"

Now, imagine you need to retrieve the SID of that user :

ADSI-SID-System.Byte

It isn’t a readable SID. If you pipe that into “Get-Member”, you’ll find out why :

ADSI-SID-GetMember

To get a usable and readable SID, you need to to something like that :

ADSI-SID-Converted

(New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $(([adsi]"LDAP://CN=Administrator,CN=Users,DC=D2K12R2,DC=local").objectsid), 0).value

Here is the technical documentation for that type of object.

Leave a Reply