Getting users SID, or reverse


I had a few tasks concerning migrating AX from one to another domain.

What was needed (after the users was migrated) – was an update of the users SID in the UserInfo table.

 

First you will need to get the users SID (from the new domain). Dont let the whole AX thing distract you. Its all about the SID, and the AX part is just for applying it to some realworld stuff 🙂

 

First – you’ll need to include the ActiveDirectory module.

Import-Module ActiveDirectory

Then it is straight forward:

(Get-ADUser Dal).Sid.Value

S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-3316730627-1683

now to update the AX UserInfo table, you would need the SID from the new user as well, and the logon-domain name and samAccountname. Then is simply just to replace the SID and logon domain values in the SQL table:

UPDATE userinfo SET SID='S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-3316730627-1683', NetWorkDomain='xxxxxxxxad.com' WHERE ID='dal'

 

Now, the other way around – if you for some reason needed to lookup a user from a SID:

$objSID = New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-3316730627-1683")
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
$objUser.Value
xxxxxxxxAD\dal

 

There you go.

Leave a comment

Your email address will not be published. Required fields are marked *