December 1, 2010

How do I find an account with the SID?

Recently after our DR exercise, there was an issue. The swing to DR was successful and tested, but after the swing back to Production, one of the folders on a mounted disk had a missing local account permission and one extra permission which is pure SID. I had to identify whether this SID was the missing permission.

After some quick research, I found a good article from the Scripting Guy that teaches how to identify an account with its SID, and vice versa.

Turns out the SID was the local account of the DR server. I suspect the account must have synced back as part of data return from DR to Production. However, as to why the original Production local account was missing, I could only hazard a guess that someone must have removed it during the DR exercise while adding the DR local account, because it would have appeared as a SID too in the DR server.




  1. Copy below text and paste into a text file. Save as .vbs file (eg. SID.vbs)

    strComputer = "."
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

    Set objAccount = objWMIService.Get _
        ("Win32_SID.SID='S-1-5-21-1454471165-1004336348-1606980848-5555'")
    Wscript.Echo objAccount.AccountName
    Wscript.Echo objAccount.ReferencedDomainName


  2. Run script in command prompt -> cscript SID.vbs

I take no credit for this piece of code, its all from the Scripting Guy. Visit here for the code on reverse scenario (i.e. to get the SID of an account). Works for both domain and local accounts.



No comments:

Post a Comment