SID account to username

tolinrome
tolinrome used Ask the Experts™
on
I have a huge list of SIDs that I would like to see if they are tied to any user accounts. Since the accounts are old (mostly) and I'm sure the tombstone life of them in AD are expired, I know I was able to find a couple of usernames by looking in the registry in the profiels directory where there are alot of SID accounts.
Since there are a large amount of SIDs it would be tedious and very time consumimng to individual search for each one of them.

I downloaded PSTools and there is a command called "psgetsid". I'm trying to find a way to enter all the SIDs in a txt file and then run the command to see if anything mataches a username.

Here's the command I used and the error I'm getting. Any help why? The file sid.txt is in the current directory.

C:\Windows\System32>psgetsid @file sid.txt

PsGetSid v1.44 - Translates SIDs to names and vice versa
Copyright (C) 1999-2008 Mark Russinovich
Sysinternals - www.sysinternals.com

Error opening file:
The system cannot find the file specified.

Here are the help contents of psgetsid:


Usage: psgetsid [\\computer[,computer2[,...] | @file] [-u Username [-p Password]
]] [account | SID]
     -u         Specifies optional user name for login to
                remote computer.
     -p         Specifies optional password for user name. If you omit this
                you will be prompted to enter a hidden password.
     account    PsGetSid will report the SID for the specified user account
                rather than the computer.
     SID        PsGetSid will report the account for the specified SID.
     computer   Direct PsGetSid to perform the command on the remote
                computer or computers specified. If you omit the computer
                name PsGetSid runs the command on the local system,
                and if you specify a wildcard (\\*), PsGetSid runs the
                command on all computers in the current domain.
     @file      PsGetSid will execute the command on each of the computers listed

                in the file.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Vincent BastianonAzure Support Escalation Engineer

Commented:
You sure that the "sid.txt" file is located in you "%SYSTEMROOT%\System32" ?

Cheers,
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - Consultant
Top Expert 2013

Commented:
The script is looking for the sid.txt file from C:\Windows\System32\sid.txt, is this file present at this location?

regards

Author

Commented:
yes 100%. But looking at the help it says that:

 "@file      PsGetSid will execute the command on each of the computers listed in the file."

I didnt put the computer names in the file, only the SIDs. I was hoping it would pick that up instead.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Emmanuel AdebayoGlobal Windows Infrastructure Engineer - Consultant
Top Expert 2013

Commented:
I see, no, you need to include the computername/servername that you are trying to check the SIDs of groups/users that are on that server.

Regrda

Author

Commented:
do you know of any way or program to do this process quicker, like an import of many SIDs that can be imported and referenced somehow?
Emmanuel AdebayoGlobal Windows Infrastructure Engineer - Consultant
Top Expert 2013

Commented:
No, that is the only one I know.

Is your command as psgetsid @file sid.txt, it suppose to be psgetsid @sid.txt

Author

Commented:
yes, I tried that also, to no avail.

Author

Commented:
I've requested that this question be deleted for the following reason:

No solution to question.
Top Expert 2014
Commented:
You're giving up on the question way too easily.
You could write batch file that would utilize PsGetSid, passing each SID to the command.  You could also use PowerShell or VBScript.

Are all these SID for domain accounts?  Do the accounts still exist?  If not then you won't be able to match anything up.
The .BAT file could be as simple as
@echo off
for /f %%i IN (sids.txt) DO c:\SysinternalsSuite\PsGetsid.exe %%i

Open in new window


Using AD cmdlets in PowerShell you could do something like
gc sids.txt | % { (get-aduser $_).name }

Open in new window

or using WMI
gc sids.txt | % { (gwmi win32_useraccount -filter "SID = '$_'").name }

Open in new window

Author

Commented:
ok thanks for the help on the batch file and powershell. Since I know literally nothing about scripting, I would need to know how to do it literally step by step though, which would be easier powershell?
About the SIDs, yes they are all domain accounts, some (probably most I suspect) have already been deleted, but this action will at least verify that for sure. Its even ok if all of them come up with no account to reference to, as long as I give it a shot to see.
Thanks.

Author

Commented:
Ok, I actually got the script working. The only help I need is to have the results out to a text file since the results are so long.

Author

Commented:
Great, it worked. Thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial