Mark Russinovich wrote about "The Machine SID Duplication Myth" on his blog last year where he explained why he had retired a utility called "NewSID" that he had written more than a decade ago.

Today, I saw an e-mail that referenced to this article. And while reading the discussion, I started to wonder if there was a way to list SIDs of users using PowerShell instead of other well-known tools like SysInternals utility PSGetSID.

I was almost sure that it would be somewhere in WMI but obvious first question with WMI is how to find it. I remembered seeing Jeff Snover's blog on 'Exploring WMI' which gave me an idea about how to look. I had to start somewhere to search for SIDs so I started searching for WMI classes that included keyword 'account':

PS C:\> gwmi -list *account* |ft -auto

NameSpace: ROOT\cimv2

Name                Methods  Properties
----                -------  ----------
Win32_Account       {}       {Caption, Description, Domain, InstallDate...}
Win32_UserAccount   {Rename} {AccountType, Caption, Description, Disabled...}
Win32_SystemAccount {}       {Caption, Description, Domain, InstallDate...}
Win32_AccountSID    {}       {Element, Setting}

Win32_AccountSID seemed like the best match but it turned out a bit more difficult to read than I expected:

PS C:\> gwmi win32_accountsid |select element,setting |ft -auto

element                                                                                  setting
-------                                                                                  -------
\\AHFB\root\cimv2:Win32_Group.Domain="AHFB",Name="Administrators"                        \\AHFB\root\cimv2:Win32_SID.SID="S-1-5-32-544"
\\AHFB\root\cimv2:Win32_Group.Domain="AHFB",Name="Distributed COM Users"                 \\AHFB\root\cimv2:Win32_SID.SID="S-1-5-32-562"
\\AHFB\root\cimv2:Win32_Group.Domain="AHFB",Name="Event Log Readers"                     \\AHFB\root\cimv2:Win32_SID.SID="S-1-5-32-573"
\\AHFB\root\cimv2:Win32_Group.Domain="AHFB",Name="Guests"                                \\AHFB\root\cimv2:Win32_SID.SID="S-1-5-32-546"
\\AHFB\root\cimv2:Win32_Group.Domain="AHFB",Name="IIS_IUSRS"                             \\AHFB\root\cimv2:Win32_SID.SID="S-1-5-32-568"

Simply using Win32_UserAccount showed me the user accounts & their SIDS in a cleaner way:

PS C:\> gwmi win32_useraccount |select name,sid |ft -auto

name            sid
----            ---
Adil Hindistan  S-1-5-21-2019936553-3113866535-3325437445-1000
Administrator   S-1-5-21-2019936553-3113866535-3325437445-500
Bezen           S-1-5-21-2019936553-3113866535-3325437445-1002
Guest           S-1-5-21-2019936553-3113866535-3325437445-501
HomeGroupUser$  S-1-5-21-2019936553-3113866535-3325437445-1013
__vmware_user__ S-1-5-21-2019936553-3113866535-3325437445-1012

Similarly, Win32_SystemAccount can be used to display SIDs of System accounts or Win32_Account can display both user and system account info.


Popular Science Archive Available Online

All 137 years of Popular Science magazine has been digitalized and is available here .... courtesy of Google Books!