Get SID of user

In a Windows environment, each user is assigned a unique identifier called a Security ID or SID, which is used to control access to resources such as files, registry keys and network shares. We can obtain the SID of a user with the WMIC USERACCOUNT command. The syntax and examples are given below.

Get SID of a local user

wmic useraccount where name='username' get sid

For example, to get the SID for a local user with the login name 'John', the command is:

wmic useraccount where name='John' get sid

Get SID for current logged in user

To retrieve the SID for the currently logged-in user, run the command below. It does not require you to specify the user name, so it can be used in batch files that may be executed from different user accounts.

wmic useraccount where name='%username%' get sid
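
Added example (not from the original post): a batch file that stores the current user's SID in a variable without the header line, so it can be reused in later commands when the script runs under different accounts. The variable name USERSID and the Environment registry key read at the end are illustrative choices.

```batch
@echo off
setlocal EnableExtensions

rem Added example. USERSID is an illustrative variable name.
rem "whoami /user /fo csv /nh" prints a single CSV row with no header:
rem   "DOMAIN\user","S-1-5-21-..."
set "USERSID="
for /f "tokens=2 delims=," %%A in ('whoami /user /fo csv /nh') do set "USERSID=%%~A"

rem Fallback to the wmic form shown above. skip=1 drops the "SID" header.
rem wmic ends its output with a line holding only a carriage return, so
rem only the first value is kept. The domain filter avoids matching a
rem local and a domain account that share the same name.
if not defined USERSID (
    for /f "skip=1 tokens=1" %%A in ('wmic useraccount where "name='%username%' and domain='%userdomain%'" get sid 2^>nul') do (
        if not defined USERSID set "USERSID=%%A"
    )
)

rem Refuse to continue unless the value looks like a SID.
echo %USERSID%| findstr /r /b "S-1-[0-9]" >nul || (
    echo Could not determine the SID of %username% 1>&2
    exit /b 1
)

echo SID of %userdomain%\%username% is %USERSID%

rem The per-user registry hive is mounted under HKEY_USERS\<SID> while
rem the user is logged on. Environment is just a sample key to read.
reg query "HKU\%USERSID%\Environment"
```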

Get SID for current logged in domain user

Run the command 'whoami /user' from the command line to get the SID for the logged-in user.
Example:

c:\>whoami /user
USER INFORMATION
----------------
User Name      SID
============== ==============================================
mydomain\wincmd S-1-5-21-7375663-6890924511-1272660413-2944159
c:\>

Get SID for the local administrator of the computer

wmic useraccount where (name='administrator' and domain='%computername%') get name,sid

Get SID for the domain administrator

wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid

Find username from a SID

This tip is for finding the user account when you have a SID. One of the readers of this post had this use case and figured out the command himself with the help of the commands given above. Adding the same here.

wmic useraccount where sid='S-1-3-12-1234525106-3567804255-30012867-1437' get name
24 comments
  • itamar

    Very good explanation, it’s just great

  • Ravi

    Hi, Very good post!

    Can you tell me how to get the SID of AD Group?

    • Carsten

      Hi,

      to get the SID of an ADGroup you can simply use the PowerShell CmdLet Get-ADGroup:

      Get-ADGroup -Identity "Group Name"

      DistinguishedName : CN=Administratoren,CN=Builtin,DC=domain,DC=com
      GroupCategory : Security
      GroupScope : DomainLocal
      Name : Administratoren
      ObjectClass : group
      ObjectGUID : 7d6471ab-9ea3-4cc4-8652-be3345623291
      SamAccountName : Administratoren
      SID : S-1-5-32-544

      With the exact same Cmdlet you can get the Groupname from a given SID:

      PS C:\Windows> Get-ADGroup -Identity S-1-5-32-544

      DistinguishedName : CN=Administratoren,CN=Builtin,DC=horaios,DC=local
      GroupCategory : Security
      GroupScope : DomainLocal
      Name : Administratoren
      ObjectClass : group
      ObjectGUID : 7d6471ab-9ea3-4cc4-8652-be3345623291
      SamAccountName : Administratoren
      SID : S-1-5-32-544

      :-)

  • amonjane

    Well, nice tips!!!

  • Robson

    Hi Guy, nice post.

    Could you tell me how to get Admin SID from cmd using another user but administrator?

    • Greg

      get-aduser -identity

  • Nitin

    How to delete SID in admin group..??

  • Bikash Biswal

    Very good post. Thanks for sharing the information.

  • Tarif

    How to get sid of ad user id, I am not able to get the user id from whoami command.

    • vipan

      Try this

      whoami /user

  • birzzlekung

    How to get sid of computer object for all user on AD ?
    Thank you.

    • Mikael Hansen

      You would do that with Powershell:
      get-adcomputer -filter * | select Name, SID

      This will give you a list with computernames and corresponding SID.

      to output to text:
      get-adcomputer -filter * | select Name, SID >> C:\temp\computersandSID.txt

      to output to csv:
      get-adcomputer -filter * | select Name, SID | Export-Csv C:\temp\computersandSID.csv

      this should be done from a Domain controller or from a domain client with RSAT tools.

  • RoFel

    I needed it the other way round, I had an SID and wanted to know what user it was, so I turned the wmic command around and it worked fine:

    wmic useraccount where sid='S-1-5-21-….' get name

    Thank you for this tip!

    • Srini

      Hello Rofel, glad that this article helped you figure out the command for your reverse usecase. I am including this in the post for the benefit of others.

  • Thark

    Hi .. is there a way to set the SID into a var?
    Meanwhile I get this via wmic useraccount get name,sid | findstr %userprofile:~9% or whoami /user is nice. ;)
    and set it manually .. :/

  • AdminUser

    Hi and thank you for this tip!
    I have to create a little script to automatically copy some registry files.
    First it has to get the sid of the user and then it has to navigate to the registry – HKEY_USERS\%sid% and copy the files there.
    Can anyone help me out with that please?
    Thank you in advance!

  • FC TC

    Thank you for this command line page.

    B/G: OS 7 Home Premium SP1 in Dual Boot environment with Win 10

    When checking file security of multiple files, I discovered two Unknown Account SIDs:

    Account Unknown(S-1-5-21- … -1001)
    Account Unknown(S-1-5-21- … -1007)

    I was unable to delete these accounts and they did not show up under UAC. These accounts have inherited properties for EACH file. If I removed the inheritance, I couldn’t access the file at all. I bumped up UAC to default, which had been turned off.

    Turns out the dual boot scenario generated at least one of the unknown SIDs. I found that the SID does belong to my Win 10. So when I access files on the Win7 partition from a Win 10 logon, as I have done, the ‘unknown SID’ really belongs to the user there in 10 (moi).

    Here are the command lines that I used:

    WhoAmI ‘determines current user; works in Win 7, 10 and also as a Linux command as I understand.

    wmic useraccount where name='%username%' get sid ;returns the SID

    Source found here (and fairly easy to understand): http://www.windows-commandline.com/get-sid-of-user/

    Running the latter on Win 10, gave me exactly one of the unknown SIDs. Bingo!

    I also have Virtual Machines on my Win 7 machine with a shared folder and wondering if they created the second SID. Finally, my dual boot is really a tri-boot with Vista on a second drive and I will check its SID. I don’t recall accessing data from Vista in any other partition but I have copied files from Vista into 7.

    At least the mystery is solved in that I do not have a virus, a keylogger, or some rogue user with full access to my machine.

    Again the command that helped resolve this issue was: wmic useraccount where name='%username%' get sid

    Thank you so much,

    FC TC

  • AdminGroupUsers

    Awesome work!

    Wonder if there is any option or wmic useraccount command to provide all the users that belong to a group
    Something like wmic useraccount get domain,name,sid where SID=S-1-5-32-544 (this SID is from the Group command)

  • Ralph

    Looks good, thanks to all who have put this info out.

    Now I need to put this into a .bat file such that I can end up with a variable that has the user’s SID which I can then use to navigate to places that are based on the user sid such as in Win 10 there is a folder “c:\users\public\publicaccountpictures\usersSID”
    or I could use it to go to the “Actual” user reg settings etc.

    Thanks,

    Ralph

  • Ryan Malkmus

    Is there a way to use a wildcard in this command? This is kinda what I was looking to do…
    wmic useraccount where sid="S-1-5-21*" get name

    But that is not working.

  • acg

    Thanks a lot. How can I delete “SID” word. Example:
    wmic useraccount where name='%username%' get sid > C:\sid.txt
    and sid.txt
    SID
    S-1-5-21-2416115148-63416681-3240496290-1000
    I only need the number (delete SID)
    Thanks

  • Bryan

    Hi!
    Nice work!
    How to get the list of (all) registered users?

    • Sha

      – @Bryan –

      wmic useraccount get name /all

  • Steve

    Half way there. Is there a way to turn off the headers in the response? If not this is only good for you as an individual looking at it and if that’s the case, there’s not really value in this command. I need to be able to use the response as a value in a subsequent command and I don’t want to have to parse the results.
