Sometimes you need to convert a Windows SID (security identifier) to an username, or vice versa (username to SID). In this post I show you a couple of methods to translate the one into the other using VBScript and PowerShell.
Old school: learn how to convert a Windows SID (security identifier) to an username, or vice versa (username to SID) using PowerShell and VBScript.
Please note this post is a repost of a real old one (WaybackMachine mirror). I added some additional info, because it still comes in handy sometimes. Therefor I added PowerShell cmdlet equivalents for the VBScripts.
Username to Security Identifier (SID) VBScript example
VBScript? Yikes! For the old-school admins amongst us, here is an VBScript example to lookup an SID by the username. The VBS code utilizes WMI, that’s fine because it’s something we’re familiar with.
Option explicit
Dim objAccount, strComputer, strUser
Dim objWMIService
If WScript.Arguments.Count < 1 Or WScript.Arguments.Count >= 3 Then
Wscript.Echo ""
Wscript.Echo "No or too many arguments provided."
Wscript.Echo "Usage: cscript nametosid.vbs NAME COMPUTER"
Wscript.Quit
Else
strUser = WScript.Arguments(0)
If Wscript.Arguments.Count = 2 Then
strComputer = LCase(Wscript.Arguments(1))
Else
strComputer = "."
End If
End If
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objAccount = objWMIService.Get ("Win32_UserAccount.Name='" & strUser & "',Domain='" & strComputer & "'")
Wscript.Echo ""
Wscript.Echo strUser & " sid: " & objAccount.SID
Wscript.Echo ""
Set objAccount = Nothing
Set objWMIService = NothingRun this on your cmd.exe command prompt:
cscript.exe /nologo nametosid.vbs name computernameLeaving out the computername may error out with the message: nametosid.vbs(21, 1) SWbemServicesEx: Not found.
Username to SID in PowerShell
There are two (well, more…) ways of translating an username to SID in PowerShell, one for domain users (where you have an Active Directory domain), and one for local users:
$objUser = New-Object System.Security.Principal.NTAccount("DOMAIN_NAME", "USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value$objUser = New-Object System.Security.Principal.NTAccount("LOCAL_USER_NAME")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.ValueThese use the System.Security.Principal.NTAccount class of .NET. Using Get-CimInstance / WMI, you can use:
Get-CimInstance -ClassName Win32_UserAccount | ?{$_.Name -eq "USER_NAME"} | Select-Object SID
# or in one go:
# (Get-CimInstance -ClassName Win32_UserAccount | ?{$_.Name -eq "USER_NAME"}).SIDBut what if you want the username belonging to an SID? Translate SIDs to usernames with VBScript and PowerShell:
SID to username with VBScript
A short script to translate a Windows security identifier (SID) to a username in VBScript is:
Option explicit
Dim strSID
strSID = WScript.Arguments(0)
Dim strComputer
strComputer = "."
Dim objWMIService, objSID
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objSID = objWMIService.Get("Win32_SID='" & strSID & "'")
WScript.Echo objSID.SID & ": " & objSID.AccountName
Set objSID = Nothing
Set objWMIService = NothingRun this in your cmd.exe shell, and it’ll print out both the SID and the accompanying username:
cscript.exe .\sidtoname.vbs SID .Use PowerShell to convert SIDs to usernames
Nowadays, we’d better use PowerShell for the job. In PowerShell you can also use WMI or utilize the System.Security.Principal.SecurityIdentifier .NET class to translate an SID into an NTAccount value. For example the following one-liner:
(New-Object System.Security.Principal.SecurityIdentifier("SID")).Translate([System.Security.Principal.NTAccount]).ValueReplace SID with the SID you want to convert. It’ll write out the username. For WMI use:
Get-CimInstance -ClassName Win32_UserAccount | ?{$_.SID -eq "SID"} | Select-Object Name
# or in one go:
# (Get-CimInstance -ClassName Win32_UserAccount | ?{$_.SID -eq "SID"}).NameGet-LocalUser and Get-ADUser PowerShell cmdlets
Also read:
If you want to use “pure” PowerShell cmdlets, and not WMI or .NET classes, then you can always resort to the Get-LocalUser and Get-ADUser PowerShell cmdlets. A quick example of both:
Get-LocalUser | ?{$_.Name -eq "Jan Reilink" } | Select-Object SID
SID
---
S-1-5-21-3839202765-3620038548-2213037064-1002# this one is fabricated, I'm not in an AD network
Get-AdUser -Identity "Jan Reilink" | Select-Object SID
SID
---
S-1-5-21-3839202765-3620038548-2213037064-1002Found this guide helpful? You can support my independent deep dives into Windows Server and DevOps by donating via PayPal. Every bit of support helps keep saotn.org fast and updated!
Summary
- This article explains how to convert a Windows SID to a username, or vice versa, using VBScript and PowerShell.
- VBScript example utilizes WMI to look up an SID by username and requires cmd.exe to run.
- PowerShell offers multiple methods to translate usernames to SIDs for both domain and local users.
- A straightforward PowerShell one-liner can convert an SID into a username using .NET classes or cmdlets.
- Get-LocalUser and Get-ADUser PowerShell cmdlets are recommended for pure PowerShell solutions.
![[HttpException (0x80004005): The length of the URL for this request exceeds the configured maxUrlLength value.]](https://cdn.saotn.org/wp-content/uploads/2025/06/Length_of_URL_for_request_exceeds_maxUrlLength_value-11-150x150.png)
