Get SID for each member of a local group

active-directorygroupssecurity-groupssid

On an Active Directory domain member running Windows 7 I have a local group. It has users and other groups as members:

How can I obtain the SID for each member of this local group? I'm aware of the Sysinternals utility PSGetSid but it doesn't seem to be able to enumerate group members.

Best Answer

Here's a Powershell function you should be able to use. I only tested it on Windows 10, but I don't think it's using anything that wasn't available in Windows 7.

Function Get-LocalGroupMembers  {

[Cmdletbinding()] 
Param( 
    [Parameter(Mandatory=$true)]
    [string]$GroupName
)

[adsi]$adsiGroup = "WinNT://$($env:COMPUTERNAME)/$GroupName,group"

$adsiGroup.Invoke('Members') | %{

    $username = $_.GetType().InvokeMember('Name','GetProperty',$null,$_,$null)
    $path = $_.GetType().InvokeMember('AdsPath','GetProperty',$null,$_,$null).Replace('WinNT://','')
    $class = $_.GetType().InvokeMember('Class','GetProperty',$null,$_,$null)
    $userObj = New-Object System.Security.Principal.NTAccount($username)
    $sid = $userObj.Translate([System.Security.Principal.SecurityIdentifier])

    [pscustomobject]@{
        Username = $username
        Type = $class
        SID = $sid
        Path = $path
    }

}

}

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

try

dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members

Linux computer (Debian) in a Windows Active Directory Domain, Administrator of AD should have root permission after login

You should not try to map the uid to root, nor the gid this way.

If you to give the Administrators root privileges on the system, you could use sudo. You could use the Windows Group for granting the sudo privileges (Domain-Admins).

Best Answer

Related Solutions

Windows Active Directory – Command Line to List Users in a Group

Linux computer (Debian) in a Windows Active Directory Domain, Administrator of AD should have root permission after login

Related Topic