Monday, January 10, 2011

Convert Active Directory Object objectSid attribute to String in PowerShell

Here is a quick and simple solution to a problem that comes up from time to time: I need the string form of an Active Directory object's security identifier (SID) for a comparison, usually on a non-Windows system. AD stores objectSid as a binary blob, not as the familiar S-1-5-... string, so it has to be decoded. Here is how I generate that string in PowerShell.
# objectSid is returned as binary; cast it to a byte array
$objectSid = [byte[]]$activeDirectoryObject.objectSid
# Let .NET parse the binary SID, starting at offset 0 in the array
$sid = New-Object System.Security.Principal.SecurityIdentifier($objectSid, 0)
# Value is already the string form, e.g. S-1-5-21-...-1013
$sidString = $sid.Value

2 comments:

  1. I had issues getting this to work until I modified the first line and added [0] at the end of it.

    # some object types return objectSid as a one-element collection; take the first element
    $objectSid = [byte[]]$activeDirectoryObject.objectSid[0]
    $sid = New-Object System.Security.Principal.SecurityIdentifier($objectSid, 0)
    $sidString = $sid.Value

  2. I think it is more intuitive to use the ActiveDirectory module, SID is even one of the default listed properties:

    Import-Module ActiveDirectory

    # show SID:
    (Get-ADUser <samaccountname>).SID.Value

    # SID to user/group/whatever:
    Get-ADObject -LDAPFilter "(objectSid=<the-sid>)"


    regards
    /lp
