How to get computer SID using PowerShell
Let's start with the theory. ;)
The computer SID is stored in the HKEY_LOCAL_MACHINE\SECURITY\SAM\Domains\Account Registry subkey. This key has a value named F and a value named V. The V value is a binary value that has the computer SID embedded within it at the end of its data. This SID is in a standard format (3 32-bit subauthorities preceded by three 32-bit authority fields).
Because you can't see the SECURITY hive's contents by default (even as an administrator), you need a little trick. Use at command to schedule the startup of PowerShell. Make sure that you schedule the task as Interactive and that the Scheduler service runs in the security context of the System (aka LocalSystem) account because this account—unlike a regular user account—has privileges to view the SAM and SECURITY hives.
c:\> at TIME /interactive powershell.exe
PS> $key = Get-Item HKLM:\security\sam\domains\account
PS> $values = Get-ItemProperty $key.pspath
PS> $bytearray = $values.V
PS> New-Object System.Security.Principal.SecurityIdentifier($bytearray[272..295],0) | Format-List *
BinaryLength : 24
AccountDomainSid : S-1-5-21-796845957-602608370-839522115
Value : S-1-5-21-796845957-602608370-839522115
You can check your result with Sysinternals' PsGetSid:
PS> .\psgetsid.exe
SID for \\COMPUTER:
S-1-5-21-796845957-602608370-839522115
18 comments:
Hmm, why not just use:
(Get-QADComputer computername).SID
you could also invoke powershell without at, since it's clear you have sysinternals tools. :)
psexec.exe -s -i powershell.exe
Is there a way to search a domain for a PC with the SID. I have an orphaned SID floating about and I need a way to find it to see what is going on.
Many Thanks,
Maureen
If you know computer's SID, you can find its DN using the following commands:
PS> $sid = 'S-1-5-21-52832475-452809606-928726530-24352'
PS> [ADSI]"LDAP://<SID=$sid>"
distinguishedName
-----------------
{CN=TESTCOMP,CN=Computers,DC=test,DC=local}
The computer SID is not the same thing as the AD computer object SID.
On Windows 7, this message:
Warning: Due to security enhancements, this task will run at the time expected but not interactively.
Use schtasks.exe utility if interactive task is required ('schtasks /?' for details).
Simple command.
Get-adcomputer -id "ComputerName"
Bingo dmitrysotnikov !
I like using this. It displays the sid and the name of the machine it belongs to.
Get-ADComputer -Filter "name -eq " -Properties sid | select name, sid
Why does everyone keep posting that they can get this out of AD. You folks realize that the computer has its own SID, which is different than the SID of the computer object on the domain, right? ;-)
I realise this is an old old thread, but there is a (slightly cheaty) way to get the local computer SID in PowerShell without needing to elevate privs to System.
https://gist.github.com/IISResetMe/36ef331484a770e23a81
((Get-LocalUser | Select-Object -First 1).SID).AccountDomainSID.ToString()
Basically gets the 1st local account and obtains the computer sid from this object.
Hope this helps someone.
Thank you my friend, it helped to me! Kind regards!!
Hello,
I am getting an error on the powershell:
New-Object System.Security.Principal.SecurityIdentifier($bytearray[272..295],0) | Format-List *
New-Object : Cannot convert argument "0", with value: "System.Object[]", for "SecurityIdentifier" to type
"System.Security.Principal.WellKnownSidType": "Cannot convert value "173" to type
"System.Security.Principal.WellKnownSidType" due to enumeration values that are not valid. Specify one of the
following enumeration values and try again. The possible enumeration values are "NullSid,WorldSid,LocalSid,CreatorOwner
Sid,CreatorGroupSid,CreatorOwnerServerSid,CreatorGroupServerSid,NTAuthoritySid,DialupSid,NetworkSid,BatchSid,Interactiv
eSid,ServiceSid,AnonymousSid,ProxySid,EnterpriseControllersSid,SelfSid,AuthenticatedUserSid,RestrictedCodeSid,TerminalS
erverSid,RemoteLogonIdSid,LogonIdsSid,LocalSystemSid,LocalServiceSid,NetworkServiceSid,BuiltinDomainSid,BuiltinAdminist
ratorsSid,BuiltinUsersSid,BuiltinGuestsSid,BuiltinPowerUsersSid,BuiltinAccountOperatorsSid,BuiltinSystemOperatorsSid,Bu
iltinPrintOperatorsSid,BuiltinBackupOperatorsSid,BuiltinReplicatorSid,BuiltinPreWindows2000CompatibleAccessSid,BuiltinR
emoteDesktopUsersSid,BuiltinNetworkConfigurationOperatorsSid,AccountAdministratorSid,AccountGuestSid,AccountKrbtgtSid,A
ccountDomainAdminsSid,AccountDomainUsersSid,AccountDomainGuestsSid,AccountComputersSid,AccountControllersSid,AccountCer
tAdminsSid,AccountSchemaAdminsSid,AccountEnterpriseAdminsSid,AccountPolicyAdminsSid,AccountRasAndIasServersSid,NtlmAuth
enticationSid,DigestAuthenticationSid,SChannelAuthenticationSid,ThisOrganizationSid,OtherOrganizationSid,BuiltinIncomin
gForestTrustBuildersSid,BuiltinPerformanceMonitoringUsersSid,BuiltinPerformanceLoggingUsersSid,BuiltinAuthorizationAcce
ssSid,WinBuiltinTerminalServerLicenseServersSid,MaxDefined"."
At line:1 char:1
+ New-Object System.Security.Principal.SecurityIdentifier($bytearray[27 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
Did something change ?
Thanks,
Dom
I am also using also:
Get-ADComputer -Filter "name -eq 'name'" -Properties sid | select name, sid | fl *
this is working but I need a second option to confirm.
Thanks,
Dom
you can also use this
Get-ADComputer -Identity *COMPUTER_NAME_HERE*
Richard C said...
((Get-LocalUser | Select-Object -First 1).SID).AccountDomainSID.ToString()
Basically gets the 1st local account and obtains the computer sid from this object.
Hope this helps someone.
---------------------------------------
Yes thanks Richard C, it just proved that someone just cloned one of our www servers in an HA pair and didn't perform the sysprep on the 2nd system so cheers mate.
Hi.
I understand that this is an older thread, but I want to share a clever workaround to obtain the local computer SID in PowerShell without requiring elevated privileges to System. Here is sharing some AlterY Training information may be its helpful to you. AlterYX Training
Post a Comment