Functions to Obtain SIDs and Usernames
Here are two functions that let you obtain a user’s SID and, conversely, obtain the username associated with a SID.
August 7, 2005
In some scripts, I've found it useful to be able to obtain a user's SID and, conversely, obtain the username associated with a SID. To perform these tasks, I created the GetSIDFromUser and GetUserFromSID functions. The GetSIDFromUser function uses Windows Management Instrumentation's (WMI's) Win32_UserAccount class to retrieve an account's SID. The GetUserFromSID function uses WMI's Win32_SID class to return the account name for a SID.
GetSIDFromUser
Listing 1 shows the VBScript version of GetSIDFromUser. You call the function with the code
GetSIDFromUser(username)
where username is the name of the user whose SID you want. The username parameter can include a domain name (e.g., domainusername). If you don't specify a domain name, the current logon domain is assumed.
The function first determines whether the passed parameter contains a backslash (). If it does, the function separates the passed parameter into a domain name and username. The fully qualified WMI path requires both parts, so if no backslash is present, the WScript.Network object's UserDomain property value is used for the domain name.
Next, the function retrieves the associated WMI Win32_UserAccount object and returns its SID property, which contains the string representation of the SID for the specified user. If the function fails to retrieve the WMI object (i.e., if the user doesn't exist or another error occurs), the function returns an empty string.
GetUserFromSID
The GetUserFromSID function takes a SID value as input and returns the associated username in the format domainusername. Listing 2 shows the VBScript version of the function. To call the function, you use the code
GetUserFromSID(SID)
where SID is a string value that matches the format returned by the GetSIDFromUser function.
The GetUserFromSID function retrieves the WMI Win32_SID object that has the specified SID and returns the ReferencedDomainName and AccountName properties separated by a backslash. If the operation fails, the function returns a blank string.
Using the Functions
You can download VBScript and JScript versions of the GetSIDFromUser and GetUserFromSID functions from the Windows Scripting Solutions Web site. Go to http://www.windowsitpro.com/windowsscripting, enter 47127 in the InstantDoc ID text box, then click the 47127.zip hotlink. The functions are saved in standalone script files, which you can execute from the command line. The functions don't have any dependencies except WMI (which is part of the OS in Windows 2000 and later), so you can drop them as-is into any VBScript or JScript code that deals with user SIDs. For example, each subkey listed in the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList registry key is a SID. You could write a script that uses the EnumKey in WMI's StdRegProv class to iterate this list of subkeys, then call the GetUserFromSID function using each subkey's name as a parameter to obtain the account associated with each profile.
—Bill Stewart
[email protected]
About the Author
You May Also Like