Convert-SID.ps1
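Function Convert-SID {
<#
.SYNOPSIS
This cmdlet translates a SID to a username or a username to a SID.
.DESCRIPTION
Each input value is translated with the .NET System.Security.Principal classes
(SecurityIdentifier.Translate / NTAccount.Translate). One result object is emitted
per input value. When a value cannot be translated, an error is written and the
unresolved property of that value's result object is $null; it is never filled
with the result of a previous lookup.
.PARAMETER Username
If the Username parameter value is specified, this cmdlet returns the SID value of the user.
.PARAMETER SID
If the SID parameter value is specified, this cmdlet returns the username value associated with the SID.
The whole value must be a SID string (S-R-I-S...); values that merely contain one are rejected.
.EXAMPLE
$Pipe = New-Object PSObject -Property @{SID='S-1-5-21-2860287465-2011404039-792856344-500'} ; $Pipe | Convert-SID
# This example uses the pipeline to convert an SID to a username
.EXAMPLE
Convert-SID -Username 'j.smith'
# This example gets the SID for j.smith
.EXAMPLE
Convert-SID -Username j.smith@domain.com
# This example gets the SID for user j.smith
.EXAMPLE
Convert-SID -SID S-1-5-21-2860287465-2011404039-792856344-500
# This example converts the SID value to a username
.EXAMPLE
Convert-SID -SID 'S-1-5-21-2860287465-2011404039-792856344-500'
# This example converts the SID value to a username
.NOTES
Author: Robert H. Osborne
Alias: tobor
Contact: rosborne@osbornepro.com
.LINK
https://osbornepro.com
https://writeups.osbornepro.com
https://btpssecpack.osbornepro.com
https://github.com/tobor88
https://gitlab.com/tobor88
https://www.powershellgallery.com/profiles/tobor
https://www.linkedin.com/in/roberthosborne/
https://www.credly.com/users/roberthosborne/badges
https://www.hackthebox.eu/profile/52286
.INPUTS
System.Array of Usernames or SIDs can be piped to this cmdlet based on property value name.
.OUTPUTS
System.Management.Automation.PSCustomObject
Each object has a Username and a SID property; a property is $null when that side could not be resolved.
#>
    [CmdletBinding(DefaultParameterSetName = 'Username')]
    param(
        [Parameter(
            ParameterSetName='Username',
            Position=0,
            Mandatory=$True,
            ValueFromPipeLine=$True,
            ValueFromPipeLineByPropertyName=$True)] # End Parameter
        [ValidateNotNullOrEmpty()]
        [Alias('User','SamAccountName')]
        [String[]]$Username,

        [Parameter(
            ParameterSetName='SID',
            Position=0,
            Mandatory=$True,
            ValueFromPipeLine=$True,
            ValueFromPipeLineByPropertyName=$True)] # End Parameter
        [ValidateNotNullOrEmpty()]
        # Anchored so the entire value has to be a SID string. Without ^ and $ the
        # pattern accepts any text that merely contains a SID-looking substring.
        [ValidatePattern('^S-\d-(?:\d+-){1,14}\d+$')]
        [String[]]$SID) # End param

    BEGIN {

        # Results are collected here and returned together from the END block
        $Obj = New-Object -TypeName 'System.Collections.Generic.List[System.Object]'
        Write-Verbose -Message "[*] Obtaining username and SID information for defined value"

    } PROCESS {

        # The active parameter set tells us which of the two parameters was bound
        If ($PSCmdlet.ParameterSetName -eq 'SID') {
            $Values = $SID
        } Else {
            $Values = $Username
        } # End If Else

        ForEach ($Item in $Values) {

            # Reset both sides for every value. A failed Translate() must not leave the
            # previous value's result in place, or the output would pair this SID with
            # another account's name (or this username with another account's SID).
            $ObjUser = $Null
            $ObjSID = $Null

            Try {

                Switch ($PSCmdlet.ParameterSetName) {

                    'SID' {

                        $ObjSID = New-Object -TypeName System.Security.Principal.SecurityIdentifier($Item)
                        $ObjUser = $ObjSID.Translate([System.Security.Principal.NTAccount])

                    } # End Switch SID

                    'Username' {

                        $ObjUser = New-Object -TypeName System.Security.Principal.NTAccount($Item)
                        $ObjSID = $ObjUser.Translate([System.Security.Principal.SecurityIdentifier])

                    } # End Switch Username

                } # End Switch

            } Catch {

                # Report the failure for this value and keep going with the rest of the input.
                # Callers that need a hard stop can pass -ErrorAction Stop.
                Write-Error -Message "Unable to translate '$Item': $($_.Exception.Message)" -TargetObject $Item

            } # End Try Catch

            # Read .Value only from objects that exist so this also works under Set-StrictMode
            $UserValue = $Null
            If ($Null -ne $ObjUser) { $UserValue = $ObjUser.Value }
            $SidValue = $Null
            If ($Null -ne $ObjSID) { $SidValue = $ObjSID.Value }

            $Obj.Add((New-Object -TypeName "PSObject" -Property @{
                Username = $UserValue
                SID = $SidValue
            })) # End Property

        } # End ForEach

    } END {

        Return $Obj

    } # End BPE

} # End Function Convert-SID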