Skip to content

convert SID to Byte Array and back (windows access control)

2011/09/11

when playing around with permissions every now and than you need a different presentation of  the security descriptor

You have an SID and need it as a byteArray
$sid = “1-5-21-44445-665656-99999-512”
$ADobj = [ADSI] “LDAP://;”
$byteArray = [byte[]] $ADobj.ObjectSID.value

You have a byte array and want the SID or the windows login name

$byteArr   = [byte[]] someFancyFunction
$identifier = New-Object System.Security.Principal.SecurityIdentifier($byteArr, 0)

The SID as you see it here and there is

$identifier.value
The´translate function can give you the domain\user account for that:
$identifier.Translate([System.Security.Principal.NTAccount])

…..

SDDL

Advertisements

From → powershell

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: