Wscript.Echo objAccount.ReferencedDomainName Can you do that? Of course you can: strComputer = “.” Of course, it’s possible that you might need to go the other direction that is, you might have a SID and need to know which account that SID belongs to. For example, this script returns the SID for the local user account kenmyer on the computer atl-ws-01: strComputer = “.” The only difference is that you don’t specify a domain name for the Domain parameter instead, you specify the name of the local computer. Incidentally, this works just as well for local user accounts. After that, it’s simply a matter of echoing the SID, which we do in the last line of the script. Instead, we have to use Get and specify a particular user account. Notice we don’t use ExecQuery and return a collection of all the SIDs in our domain that won’t work. All we do here is connect to the WMI service, and then use the Get method to bind to a specified instance of the Win32_UserAccount class. (“Win32_UserAccount.Name=’kenmyer’,Domain=’fabrikam'”)Īs you can see, the SID is practically longer than the script. Set objWMIService = GetObject(“winmgmts:\\” & strComputer & “\root\cimv2”) So how do we find a user’s SID? Well, we use a script similar to this, which returns the SID for the user kenmyer with an account in the fabrikam domain: strComputer = “.” You might be able to live your entire scripting life without ever needing to know a user’s SID.
#Toby returns the office script windows#
WMI’s security classes, for example, rely on SIDs likewise, the Windows registry tracks user profiles by SID rather than by name (take a look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to see what we mean). However, there are times when it’s useful to know which SID goes with which user account. Most of the time you don’t need to worry about SIDs, which is good: obviously it’s easier to deal with an account name like kenmyer than it is to deal with a SID like S-1-5-21-1454471165-1004336348-1606980848-5555.
It’s like your Social Security Number which – assuming you haven’t had your identify hijacked – uniquely identifies you regardless of the name you go by. For example, you can rename the Administrator account on a computer and still use that account to function as an administrator because Windows doesn’t really care what the name is Windows still knows that this account is the Administrator account because the SID remains the same regardless of the account name. For our purposes, we’ll just say that SID is how the operating system keeps track of accounts. For those of you whose eyes glaze over any time they see an acronym (not that we blame you), SID is short for Security Identifier. Hey, Scripting Guy! How can I determine the SID for a user account?