Need to find SID for old account

We had an administrator account on our Windows 2000 server which was deleted. I've been told that the SID for this account should still be on the computer somewhere, but I don't know where to look.

Is it still on the computer and if so, how do I find it.

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

oBdAConnect With a Mentor Commented:
On a machine that this account has logged on at least once, open regedit and go to
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
In there, you'll find a number of keys with SIDs as names; one of those SIDs is the one you're looking for. Those keys will have a value "ProfileImagePath", pointing to the user's profile. Look at this path to determine the key that belonged to the account you're looking for.
Here is a script that will tell you the sid of the admin account
Copy and paste the code below into a notepad file and save it with a .vbs extension
From your profile it looks like you are familiar with vb but here is a brief description for you:
This script is going to grab the SID of the guest account which always ends in 501.
It will then change it to end in 500 which is always the administrator account

Then ( just in case ) it is going to check to see if by some chance someone has renamed the administrator account.
You will see 2 message boxes as output.
It will also create a file called AdminSid.txt on the root of your C drive with the info

Let us know how it goes and if it errors out on anything

Is this in a domain ?
If so is this a DC or just a member server ?

'!!Begin Copy
Const ForAppending = 8
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select sid from Win32_UserAccount where name = 'guest'", , 48)

For Each objItem In colItems
    SLen = Len(objItem.SID)
    SADmin = Left(objItem.SID, (SLen - 1)) & 0
    MsgBox SADmin

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select name, fullname from Win32_UserAccount where sid ='" & SADmin & "' ", , 48)

For Each objItem In colItems
   sName = objItem.Name
   MsgBox "Name of Admin account is: " & objItem.Name

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile _
    ("C:\AdminSid.txt", ForAppending, True)

objTextFile.WriteLine "Sid of Admin Acct is " & SADmin
objTextFile.WriteLine "Name of Admin account is: " & sName
'!!End Copy
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

nathankaaAuthor Commented:
It is a Domain Controller.
nathankaaAuthor Commented:
Just to clarify, the account was not the actual administrator accout, it was an account the had administrative rights. Sorry about that.

It was deleted and we are trying to see if we can find the SID for it.

OK How about this:

Viewing deleted objects in Active Directory;EN-US;258310

it uses the ldp.exe tool which if its not already installed I think it is part of the support tools in the support\tools folder of your Windows CD

or here you can get it here:
Windows XP Service Pack 2 Support Tools
Wayne BarronCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
[Accept: oBdA]

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
All Courses

From novice to tech pro — start learning today.