Home img Security Identifieres | Windows Forensics

img Security Identifieres | Windows Forensics

100 Day's Of Cybersecurity - Day 8


Understanding Security Identifiers (SIDs) in Active Directory

Security Identifiers (SIDs) play a crucial role in Windows Server’s Active Directory Domain Services (AD DS). SIDs are unique alphanumeric strings that represent security principals such as users, groups, and computers within a Windows domain. In this article, we’ll explore the significance of SIDs and delve into some of the commonly encountered SIDs.

What is a Security Identifier (SID)?

A Security Identifier (SID) is a unique identifier that is assigned to each security principal in a Windows environment. It is a fundamental component of the security infrastructure and is used to control access to resources, validate user accounts, and manage permissions.


Commonly Encountered SIDs

Well-known SIDs

Well-known SIDs are predefined and have the same value on all Windows systems. Here are some well-known SIDs:

Table 1: Well-known SIDs

S-1-0Null SID
S-1-1World SID
S-1-2Local SID
S-1-3Creator Owner SID
S-1-4Creator Group SID
S-1-5NT Authority SID

Built-in Domain SIDs

Built-in domain SIDs are used to represent built-in domain groups and users. Here are some examples:

Table 2: Built-in Domain SIDs

S-1-5-11Authenticated Users SID
S-1-5-32-544Administrators SID
S-1-5-32-545Users SID
S-1-5-32-546Guests SID

Object-specific SIDs

Object-specific SIDs are generated for individual objects in the Active Directory. For example:

Table 3: Object-specific SIDs

S-1-5-21--500Domain Administrator SID
S-1-5-21--512Domain Users SID
S-1-5-21--515Domain Computers SID


Understanding Security Identifiers (SIDs) is essential for managing security in a Windows Server environment. Whether dealing with well-known SIDs, built-in domain SIDs, or object-specific SIDs, each identifier plays a critical role in controlling access and permissions.

For more detailed information and a comprehensive list of SIDs, refer to the official Microsoft documentation.

Remember, proper SID management is crucial for maintaining a secure and well-organized Active Directory environment. Stay informed, and ensure that your Windows Server is configured with optimal security practices.

This post is licensed under CC BY 4.0 by the author.

img CFReD | Nist | Hacking Case

img Ericzimmerman Tools | Windows Forensics