如何查询SID及根据SID反查对应的账户<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

1PsGetSid
  PsGetSidPsTools工具集中,由sysinternals发布,目前的最新版本是2.44。个人感觉sysinternals的工具功能非常强大也非常好用,如果用好这些工具工作效率大为提高。
下载地址:http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx

下面是使用psgetsid查询sid实例
C:\Documents and Settings\psyadmin>psgetsid /?

查询本机sid
C:\Documents and Settings\psyadmin>psgetsid

 

查询SID对应的主机名
C:\Documents and Settings\psyadmin>psgetsid S-1-5-21-1665000383-1530267105-35274
31458

 

查询网络主机SID
C:\Documents and Settings\psyadmin>psgetsid \\192.168.0.78 -u psyadmin

PsGetSid v1.43 - Translates SIDs to names and vice versa
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals -
www.sysinternals.com


Password:
SID for \\192.168.0.78:
S-1-5-21-1214440339-2139871995-839522115


对方主机防火墙关闭文件和打印机共享,不能连接135端口导致找不到网络路径
C:\Documents and Settings\psyadmin>psgetsid \\192.168.0.76 -u psyadmin

PsGetSid v1.43 - Translates SIDs to names and vice versa
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals -
www.sysinternals.com

Password:
Couldn't access 192.168.0.76:
找不到网络路径。

Make sure that the default admin$ share is enabled on 192.168.0.76.

查询本地用户SID
C:\Documents and Settings\psyadmin>psgetsid admin

PsGetSid v1.43 - Translates SIDs to names and vice versa
Copyright (C) 1999-2006 Mark Russinovich
Sysinternals -
www.sysinternals.com


SID for BEACON\admin:
S-1-5-21-1665000383-1530267105-3527431458-1625

2whoami

使用whoami查询
C:\Documents and Settings\Administrator>whoami /all

3
dsget user
  在域控制器上可以用dsget user查看用户的属性信息,但是dsget user需要写全ldap路径,个人比较懒还是用图形界面看比较方便,呵呵。通过dsget user查询到的SIDpsgetsidacctinfo查询到的一致。
C:\Documents and Settings\psyadmin>dsget user "CN=admin,OU=domainadmins,DC=beacon,DC=local" -sid
  sid
  S-1-5-21-1665000383-1530267105-3527431458-1625
dsget
成功

4
、使用脚本查询SID
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set objAccount = objWMIService.Get _
    ("Win32_UserAccount.Name='administrator',Domain='pc0406-09'")
Wscript.Echo objAccount.SID
'("Win32_UserAccount.Name='admin',Domain='beacon'")--
查看域beacon.com用户adminSID号,该script只能在beacon.com域内主机上运行。
'("Win32_UserAccount.Name='administrator',Domain='pc0406-09'")--
查看工作组环境下主机pc0406-09上用户administratorSID号。

 

5、使用脚本根据SID查询对应的账户

strComputer = "."

 

Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

 

 Set objAccount = objWMIService.Get("Win32_SID.SID='S-1-5-21-2745346487-1701105897-3911078134-1583'")

 

Wscript.Echo objAccount.AccountName

 

Wscript.Echo objAccount.ReferencedDomainName