List Users and Their SIDs

An incredibly useful one-liner:

wmic useraccount get disabled,domain,name,sid

Run that from an administrative command prompt while logged in as a domain admin to list all the users and their SIDs. The Disabled column tells you whether the account is active. This is very handy when trying to decode security events, file permissions, etc. Credit goes to this article.

Other useful commands:

wmic sysaccount get domain,name,sid – list built-in accounts

wmic group get domain,name,sid – list Active Directory groups

net user <username> – list all info for one user

net localgroup Administrators – list users in the local Administrators group

Unfortunately, I haven’t been able to find a wmic command to list all the computer accounts in Active Directory. The closest I’ve come is a pair of PowerShell commands to translate a computer or user SID (from TechNet):

$objSID = New-Object System.Security.Principal.SecurityIdentifier `
    ("S-1-5-21-1454471165-1004335555-1606985555-5555")
$objSID.Translate([System.Security.Principal.NTAccount]).Value
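The translation above handles one SID and throws if that SID no longer maps to an account, which is common when decoding old security events or file permissions. The following is an added example, not from the original post or from TechNet; the function name Resolve-SidList and the sample input list are assumptions for illustration.

```powershell
# Added example: translate a batch of SIDs and report the ones that fail
# instead of stopping at the first error. Resolve-SidList is a hypothetical name.
function Resolve-SidList {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Sid
    )
    process {
        foreach ($s in $Sid) {
            $account   = $null
            $isAccount = $null
            $status    = 'Resolved'
            try {
                $objSID    = New-Object System.Security.Principal.SecurityIdentifier($s)
                # True for SIDs issued by a domain or local machine (S-1-5-21-...),
                # false for well-known SIDs such as SYSTEM or BUILTIN groups.
                $isAccount = $objSID.IsAccountSid()
                $account   = $objSID.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # PowerShell may wrap .NET exceptions, so inspect the innermost one.
                $base = $_.Exception.GetBaseException()
                if ($base -is [System.Security.Principal.IdentityNotMappedException]) {
                    # Well-formed SID with no matching account: deleted user or
                    # computer, or a domain this machine cannot reach.
                    $status = 'Unmapped'
                }
                else {
                    $status = 'Invalid: ' + $base.Message
                }
            }
            [pscustomobject]@{
                SID          = $s
                Account      = $account
                IsAccountSid = $isAccount
                Status       = $status
            }
        }
    }
}

# Sample input assembled for this example: two well-known SIDs, the SID used
# earlier on this page, and a malformed string.
'S-1-5-18',
'S-1-5-32-544',
'S-1-5-21-1454471165-1004335555-1606985555-5555',
'not-a-sid' | Resolve-SidList | Format-Table -AutoSize
```

Rows with a Status of Unmapped are worth a second look when they come from an ACL or group membership, since they usually point at a deleted account whose permissions were never cleaned up.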
