Skip to main content
Version: 4.0

ConvertTo-ADTNTAccountOrSID

SYNOPSIS

Convert between NT Account names and their security identifiers (SIDs).

SYNTAX

NTAccountToSID

ConvertTo-ADTNTAccountOrSID -AccountName <NTAccount> [<CommonParameters>]

SIDToNTAccount

ConvertTo-ADTNTAccountOrSID -SID <SecurityIdentifier> [<CommonParameters>]

WellKnownName

ConvertTo-ADTNTAccountOrSID -WellKnownSIDName <WellKnownSidType> [-WellKnownToNTAccount] [-LocalHost]
[<CommonParameters>]

DESCRIPTION

Specify either the NT Account name or the SID and get the other. Can also convert well known sid types.

EXAMPLES

EXAMPLE 1

ConvertTo-ADTNTAccountOrSID -AccountName 'CONTOSO\User1'

Converts a Windows NT Account name to the corresponding SID.

EXAMPLE 2

ConvertTo-ADTNTAccountOrSID -SID 'S-1-5-21-1220945662-2111687655-725345543-14012660'

Converts a Windows NT Account SID to the corresponding NT Account Name.

EXAMPLE 3

ConvertTo-ADTNTAccountOrSID -WellKnownSIDName 'NetworkServiceSid'

Converts a Well Known SID name to a SID.

PARAMETERS

-AccountName

The Windows NT Account name specified in <domain><username> format.

Use fully qualified account names (e.g., <domain><username>) instead of isolated names (e.g, <username>) because they are unambiguous and provide better performance.

Type: NTAccount
Parameter Sets: NTAccountToSID
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SID

The Windows NT Account SID.

Type: SecurityIdentifier
Parameter Sets: SIDToNTAccount
Aliases:

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WellKnownSIDName

Specify the Well Known SID name translate to the actual SID (e.g., LocalServiceSid).

To get all well known SIDs available on system: [Enum]::GetNames([Security.Principal.WellKnownSidType])

Type: WellKnownSidType
Parameter Sets: WellKnownName
Aliases:
Accepted values: NullSid, WorldSid, LocalSid, CreatorOwnerSid, CreatorGroupSid, CreatorOwnerServerSid, CreatorGroupServerSid, NTAuthoritySid, DialupSid, NetworkSid, BatchSid, InteractiveSid, ServiceSid, AnonymousSid, ProxySid, EnterpriseControllersSid, SelfSid, AuthenticatedUserSid, RestrictedCodeSid, TerminalServerSid, RemoteLogonIdSid, LogonIdsSid, LocalSystemSid, LocalServiceSid, NetworkServiceSid, BuiltinDomainSid, BuiltinAdministratorsSid, BuiltinUsersSid, BuiltinGuestsSid, BuiltinPowerUsersSid, BuiltinAccountOperatorsSid, BuiltinSystemOperatorsSid, BuiltinPrintOperatorsSid, BuiltinBackupOperatorsSid, BuiltinReplicatorSid, BuiltinPreWindows2000CompatibleAccessSid, BuiltinRemoteDesktopUsersSid, BuiltinNetworkConfigurationOperatorsSid, AccountAdministratorSid, AccountGuestSid, AccountKrbtgtSid, AccountDomainAdminsSid, AccountDomainUsersSid, AccountDomainGuestsSid, AccountComputersSid, AccountControllersSid, AccountCertAdminsSid, AccountSchemaAdminsSid, AccountEnterpriseAdminsSid, AccountPolicyAdminsSid, AccountRasAndIasServersSid, NtlmAuthenticationSid, DigestAuthenticationSid, SChannelAuthenticationSid, ThisOrganizationSid, OtherOrganizationSid, BuiltinIncomingForestTrustBuildersSid, BuiltinPerformanceMonitoringUsersSid, BuiltinPerformanceLoggingUsersSid, BuiltinAuthorizationAccessSid, WinBuiltinTerminalServerLicenseServersSid, MaxDefined

Required: True
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WellKnownToNTAccount

Convert the Well Known SID to an NTAccount name.

Type: SwitchParameter
Parameter Sets: WellKnownName
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-LocalHost

Avoids a costly domain check when only converting local accounts.

Type: SwitchParameter
Parameter Sets: WellKnownName
Aliases:

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

System.String

Accepts a string containing the NT Account name or SID.

OUTPUTS

System.String

Returns the NT Account name or SID.

NOTES

An active ADT session is NOT required to use this function.

The conversion can return an empty result if the user account does not exist anymore or if translation fails Refer to: http://blogs.technet.com/b/askds/archive/2011/07/28/troubleshooting-sid-translation-failures-from-the-obvious-to-the-not-so-obvious.aspx

Tags: psadt
Website: https://psappdeploytoolkit.com
Copyright: (C) 2025 PSAppDeployToolkit Team (Sean Lillis, Dan Cunningham, Muhammad Mashwani, Mitch Richters, Dan Gough).
License: https://opensource.org/license/lgpl-3-0

https://psappdeploytoolkit.com/docs/reference/functions/ConvertTo-ADTNTAccountOrSID

http://msdn.microsoft.com/en-us/library/system.security.principal.wellknownsidtype(v=vs.110).aspx