How do I Find user SID from Registry

by vinayralph at 2013-01-15 19:43:35


I need to find the SID from username from the Registry.
If I am correct
$ob = New-Object System.Security.Principal.NTAccount(“Domain\Username”) would search the AD and if the user exists then

$sid = $ob.Translate([System.Security.Principal.SecurityIdentifier]) would be successful.

The situation with me is that the user does not exist in the AD but the profile is there on the computer. If it was one user I could Search the Registry and and delete but that is not the case.

I am looking for a way to get the SID from the Registry for a given username.

Any help would be appreciated.

by nohandle at 2013-01-16 01:07:48
in the registry there is key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList<SID>
In there there is ProfileImagePath value containing path to the C:\users<username> folder.
It should be pretty easy to go through the keys, find the right username and extract the SID and username using split-path (and its -leaf parameter).
by ArtB0514 at 2013-01-16 07:45:28
The ScriptingGuy has quite a few entries about working with SIDs. Go to and search for “translate SID"
by RichardSiddaway at 2013-01-16 14:15:58
To see the SIDs, domain and account name just run this
function get-SID {
param (
[string]$computername = $env:COMPUTERNAME

Get-WmiObject -Class Win32_AccountSID -ComputerName $computername |
foreach {
$da = (($.Element).Split(".")[1]).Split(",")
$sid = ($
.Setting -split “=”)[1] -replace '”’,’’

$props = [ordered]@{
Domain = ($da[0] -split “=”)[1] -replace ‘"’,’’
Account = ($da[1] -split “=”)[1] -replace ‘"’,’’
SID = $sid

New-Object -TypeName PSObject -Property $props

by RichardSiddaway at 2013-01-16 23:59:49
Ok the embarrassing moral of this story is that you shouldn’t answer questions in a hurry at the end of the evening. 5 minutes after shutting down I realised that there is a far, far simpler way to get the info. Win32_AccountSID is a WMI linking class. It links Win32_SystemAccount and Win32_SID classes.

Get-WmiObject -Class Win32_SystemAccount | select Caption, Domain, Name, SID, LocalAccount

gets you all you need
by Vern Anderson at 2013-01-28 11:48:06 I know it’s not Powershell but I hope it helps you
by vinayralph at 2013-01-30 01:50:52
Hi and thanks every one for your replies.

nohandle & Vern Anderson- I can browse the registry and locate the SID for a Required user but here the number of users is around 100.

RichardSiddaway - The solutions rely on Get-WmiObject. This I believe requires an AD object to be present. In other words the user must exist in the AD.

My situation is that the user does not exist in the AD, however the profile exists in the registry and the users folder.

What I am trying to do is read the Profielist Key in the registry and then for each of its subkey (SID’s) I am checking if the ProfileImagePath value matches with <location\userID> (c:\UserID)

Here is the code that I have

Function Get-SID-Reg(){
Param($MachineName = “.”)
$ProfPath= “\$MachineName\c$\users$SearchForUser”
$key = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”
$UsersProfileKey = “SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList”
$Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(‘LocalMachine’, $MachineName)
$RegKey= $Reg.OpenSubKey("$UsersProfileKey")
Foreach($sub in $regKey.GetSubKeyNames()) {
$RegProfCount = $RegProfCount + 1
$profileSubKey = $key + “&quot; + $sub #Redfine Key to search for user ID
$regKey = [Microsoft.Win32.RegistryKey]]::LocalMachine, $strComputer) #Connect to Remote Machine
$regKey = $regKey.OpenSubKey($profileSubKey) #Open Key
Foreach($val in $regKey.GetValueNames()){
if($val -eq “ProfileImagePath”) { #Singles out the ProfileImagePath Value
if($regKey.GetValue(”$val") -eq $RegProfPath) { #Checks to see if the user’s Id is indexed within the Value’s value
$userProfileID = $sub #Captures Profile ID

It does read the registry key and checks for the value but after a particular SID it starts generating errors “You cannot call a method on a null valued expression”. The error is displayed for a fey subkeys that it reads and then starts showing the correct values. I am unable to find out why this particular error is being thrown.

Any help would be appreciated.
by nohandle at 2013-01-30 02:41:29
Which line does throw the error? have you stepped through the code?
by vinayralph at 2013-01-30 19:33:21
The code starts to read the subkeys under ProfileList key, reads the first 3 subkeys displayes the values and starts giving error continuously and then starts displaying values for another subkey which is much below down the list. After this subkey it again starts giving errors for some time and then starts displaying values for the Last subkey. (The images in the attachment are in that order).

The error is displayed at line 15 in the code above “Foreach($val in $regKey.GetValueNames()){

by vinayralph at 2013-01-31 23:54:41
Hi All,
This has been resolved. The error was because of wrong machine selected in line 13 in the code above. The variable $strComputer was looking at the local machine whereas the variable $MachineName was for the remote machine where all the action should be taking place. replaced $strComputer with $MachineName and it is working fine now.

Thank you all for your responses.