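function Get-Sid {
    <#
    .SYNOPSIS
    Resolves an account name to a SecurityIdentifier via advapi32!LookupAccountName.

    .DESCRIPTION
    Calls LookupAccountName twice: a sizing call with empty buffers (the API fails
    with ERROR_INSUFFICIENT_BUFFER and reports the sizes it needs), then the real
    call with correctly sized buffers. The lookup is always sent to the local LSA
    (lpSystemName = null). When -Domain is given, an unqualified -Account is
    qualified as 'DOMAIN\Account' so the LSA resolves it through the normal
    domain/trust path; lpSystemName names a computer to contact, not a domain,
    so the domain is never passed there.

    .PARAMETER Account
    Account name to resolve. If it is already qualified ('DOMAIN\user' or
    'user@domain') it is looked up as-is and -Domain is not applied.

    .PARAMETER Domain
    Optional domain (or computer) name used to qualify an unqualified -Account.

    .OUTPUTS
    System.Security.Principal.SecurityIdentifier

    .NOTES
    Throws a plain error when the name maps to nothing (ERROR_NONE_MAPPED) and a
    System.ComponentModel.Win32Exception for any other Win32 failure.
    #>
    [CmdletBinding()]
    [OutputType([System.Security.Principal.SecurityIdentifier])]
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [System.String]
        $Account,

        [Parameter(Mandatory = $false, Position = 1)]
        [System.String]
        $Domain = $null
    )

    # The P/Invoke types only need to be compiled once per session; re-adding the
    # same type names errors on older PowerShell versions, so probe for them first.
    if (-not ('NativeMethods' -as [type])) {
        Add-Type -TypeDefinition @'
    using System;
    using System.Runtime.InteropServices;
    using System.Text;

    public enum SID_NAME_USE
    {
        SidTypeUser = 1,
        SidTypeGroup,
        SidTypeDomain,
        SidTypeAlias,
        SidTypeWellKnownGroup,
        SidTypeDeletedAccount,
        SidTypeInvalid,
        SidTypeUnknown,
        SidTypeComputer
    }

    public class NativeMethods
    {
        [DllImport("advapi32.dll", CharSet=CharSet.Auto, SetLastError = true)]
        public static extern bool LookupAccountName (
            string lpSystemName,
            string lpAccountName,
            [MarshalAs(UnmanagedType.LPArray)] byte[] Sid,
            ref uint cbSid,
            StringBuilder ReferencedDomainName,
            ref uint cchReferencedDomainName,
            out SID_NAME_USE peUse);
    }
'@
    }

    $NO_ERROR                  = 0
    $ERROR_INSUFFICIENT_BUFFER = 122
    $ERROR_INVALID_FLAGS       = 1004   # some older Windows versions report this from the sizing call
    $ERROR_NONE_MAPPED         = 1332   # no account with that name is visible to the LSA

    # Qualify the account with the domain unless the caller already did so.
    $lookupName = $Account
    if (-not [string]::IsNullOrEmpty($Domain) -and $Account -notmatch '[\\@]') {
        $lookupName = "$Domain\$Account"
    }

    $sidBytes = $null
    [System.UInt32]$sidByteCount = 0
    $referencedDomainName = New-Object System.Text.StringBuilder
    [System.UInt32]$referencedDomainNameCharCount = $referencedDomainName.Capacity
    [SID_NAME_USE]$sidNameUse = [SID_NAME_USE]::SidTypeUnknown

    # Sizing call: null SID buffer and zero length, so the API fails and writes the required sizes.
    # GetLastWin32Error is read immediately after the P/Invoke so nothing in between can overwrite it.
    $errorCode = $NO_ERROR
    if (-not [NativeMethods]::LookupAccountName($null, $lookupName, $sidBytes, [ref]$sidByteCount, $referencedDomainName, [ref]$referencedDomainNameCharCount, [ref]$sidNameUse)) {
        $errorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    }

    if ($errorCode -eq $ERROR_INSUFFICIENT_BUFFER -or $errorCode -eq $ERROR_INVALID_FLAGS) {
        # Real call with buffers of exactly the sizes the sizing call asked for.
        $sidBytes = New-Object Byte[]($sidByteCount)
        $null = $referencedDomainName.EnsureCapacity([int]$referencedDomainNameCharCount)
        $errorCode = $NO_ERROR
        if (-not [NativeMethods]::LookupAccountName($null, $lookupName, $sidBytes, [ref]$sidByteCount, $referencedDomainName, [ref]$referencedDomainNameCharCount, [ref]$sidNameUse)) {
            $errorCode = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        }
    }

    if ($errorCode -eq $ERROR_NONE_MAPPED) {
        throw "Account '$lookupName' could not be translated to a SID."
    }
    if ($errorCode -ne $NO_ERROR) {
        throw (New-Object System.ComponentModel.Win32Exception($errorCode))
    }
    if ($null -eq $sidBytes -or $sidByteCount -eq 0) {
        # The sizing call reported success without handing back a buffer; there is no SID to build.
        throw "LookupAccountName returned no SID data for '$lookupName'."
    }

    Write-Verbose "Resolved '$lookupName' as $sidNameUse in domain '$($referencedDomainName.ToString())'."
    Write-Output (New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0))
}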