2.4.2 SID

msdn link

A security identifier (SID) uniquely identifies a security principal. Each security principal has a unique SID that is issued by a security agent. The agent can be a Windows local system or domain. The agent generates the SID when the security principal is created. The SID can be represented as a character string or as a structure. When represented as strings, for example in documentation or logs, SIDs are expressed as follows:


The top-level issuer is the authority. Each issuer specifies, in an implementation-specific manner, how many integers identify the next issuer.

A newly created account store is assigned a 96-bit identifier (a cryptographic strength (pseudo) random number).

A newly created security principal in an account store is assigned a 32-bit identifier that is unique within the store.

The last item in the series of SubAuthority values is known as the relative identifier (RID). Differences in the RID are what distinguish the different SIDs generated within a domain.

Consumers of SIDs SHOULD NOT rely on anything more than that the SID has the appropriate structure.

The formal string syntax is given in section

The packet representation of the SID structure used by block protocols is defined in section

The RPC marshaled version of the SID structure is defined in section