find out domain user account from corrupted SID

Posted on 2009-02-16
Last Modified: 2012-08-14
Hi all,
Wondering if its possible to find out what domain user/group accounts used to reside within the "administrators" group after corrupt SID disjoined the server account from the domain.  Currently, now all I see is the very long alpha-numeric string (for ex: S-1-5-21-2871644435-3958900132-1302727681-3)
Is there any way to see what user or group that this string is associated with?  Thanks for any input!
I realize that I can probably rejoin the domain and it will come back, but I thought it would be handy to know if this is possible.  Sometimes I see this string when looking at folder/file permissions and want to know what user or group it belonged to.  
Question by:HelpyHelperton
    LVL 57

    Accepted Solution

    Download adfind
    Then try
    adfind -default -f  "objectsid= S-1-5-21-2871644435-3958900132-1302727681-3"
    See if that returns the object for you

    Author Comment

    thanks, as soon as I get a chance I will download and test!

    Featured Post

    Highfive Gives IT Their Time Back

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Starting in Windows Server 2008, Microsoft introduced the Group Policy Central Store. This automatically replicating location allows IT administrators to have the latest and greatest Group Policy (GP) configuration settings available. Let’s expl…
    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now