Many times while looking at event logs or parsing through the registry, the SID of an account is listed instead of the actual logon domain and name. PoSh it and convert it. Let's see what we get!
FUNCTION
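function ConvertSID ($sid) {
    # Build a SecurityIdentifier object from the SID string (e.g. S-1-5-18)
    $secID = New-Object System.Security.Principal.SecurityIdentifier $sid
    # Translate the SID to an NTAccount and return it as DOMAIN\Name
    ($secID.Translate([System.Security.Principal.NTAccount])).Value
}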
Simply pass this function an actual SID and it will return the account name associated with it.
USAGE
ConvertSID S-1-5-18
This will return NT AUTHORITY\SYSTEM
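An added example, not from the original post: the same translation applied to every SID found in lines of event log or registry text, returning a placeholder for SIDs that no longer map to an account (deleted users, other domains) instead of throwing. The function name Resolve-SidsInText, the placeholder strings and the sample lines are constructed for illustration.

```powershell
# Added example; Resolve-SidsInText is a hypothetical helper name.
function Resolve-SidsInText {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Text
    )
    begin {
        # S-1-<authority> followed by one or more sub-authorities
        $pattern = 'S-1-\d+(?:-\d+)+'
        # SID string -> resolved name, so each SID is translated only once
        $cache = @{}
    }
    process {
        foreach ($line in $Text) {
            foreach ($m in [regex]::Matches($line, $pattern)) {
                $sid = $m.Value
                if (-not $cache.ContainsKey($sid)) {
                    try {
                        $secID = New-Object System.Security.Principal.SecurityIdentifier $sid
                        $cache[$sid] = $secID.Translate([System.Security.Principal.NTAccount]).Value
                    }
                    catch [System.Security.Principal.IdentityNotMappedException] {
                        # Well-formed SID, but no account resolves for it
                        $cache[$sid] = '<unresolved>'
                    }
                    catch {
                        # The string matched the pattern but is not a valid SID
                        $cache[$sid] = '<invalid SID>'
                    }
                }
                [pscustomobject]@{ SID = $sid; Account = $cache[$sid] }
            }
        }
    }
}

# Constructed sample lines in the style of event log and registry text
$sample = @(
    'Security ID: S-1-5-18  Account Name: -'
    'HKEY_USERS\S-1-5-19\Environment'
    'Subject: S-1-5-21-1111111111-2222222222-3333333333-1001 logged on'
)
$sample | Resolve-SidsInText | Format-Table -AutoSize
```

An unresolved SID in a log is worth noting in its own right: it usually means the account was deleted or belongs to a domain the current machine cannot query.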