This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
folks,
In my windows 10 devices (just autopilot imaged, AAD joined), under local administrators group, I am seeing some Two SIDs listed like
S-1-12-1-698813523-XXXXXXXXXX-XXXXXXXXX-XXXXXX
S-1-12-1-809045407-XXXXXXXXXX-XXXXXXXXX-XXXXXX
how can i find account or group name for these SID. I know they belong to global group in azure. i ran few powershell azureaduser but didn't give me account name. we are totally in Azure cloud and these computers are AAD Joined.
Resolved!!!! virtual thanks to Oliver Kieselbach on this blog: https://oliverkieselbach.com/2020/05/13/powershell-helpers-to-convert-azure-ad-object-ids-and-sids/
So i converted sid link i have put above, got Object id for each SID.
Run Get-AzureADDirectoryRole and it matches object id to :
## Global Administrator
##Azure AD Joined Device Local Administrator
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
Or use the Graph Explorer to GET https://graph.microsoft.com/v1.0/directoryRoles
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Arif Usman Thanks for reaching out. Those would be the administrator added to devices using this option probably :
Since you have only 2 SIDs you can use this manual method to find them.
1) You can navigate to Registry path : Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
2) Select your corresponding SID
3) Check the Profile Image Path value. This should contain the account name.
If the suggested response helped you resolve your issue, please do not forget to accept the response as Answer and "Up-Vote" for the answer that helped you for benefit of the community.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi,
When you connect a Windows device with Azure AD using an Azure AD join, Azure AD adds the following security principals to the local administrators group on the device
· The Azure AD global administrator role
· The Azure AD device administrator role
· The user performing the Azure AD join
See more info at https://learn.microsoft.com/en-us/azure/active-directory/devices/assign-local-admin.
Hope this helps.
Cristian
So, little update on this.
I run into this blog by Oliver Kieselbach which converts sids to Objectidhttps://oliverkieselbach.com/2020/05/13/powershell-helpers-to-convert-azure-ad-object-ids-and-sids/
It talks about same think i was looking for SIDs under administrators group. Now when i convert to ObjectID, I can't find reference in AAD. Any thoughts?