Security Identifier (SID)
SID (Security Identifier) is a unique value of variable length that is used to identify a user (or group) account in Windows operating systems.
Security Identifier Structure
| SID Field | Description |
|---|---|
| Revision | Revision level |
| SubAuthorityCount | SubAuthority count. |
| IdentifierAuthority | IdentifierAuthority is 48-bit number that is usually presented as 3 numbers (16 bits each) IdentifierAuthority[0], IdentifierAuthority[2] and IdentifierAuthority[3] |
| SubAuthority | A variable number of SubAuthority or Relative Identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID |
To help visualize the components of the SID, a standardized string notation is used in the following order – S-R-I-S-S… – w here:
- "S" identifies the series of digits as an SID
- "R" is the revision level
- "I" is the identifier-authority value
- "S" is one or more subauthority values
The following example uses this notation to display the well-known domain-relative SID of the local Administrators group:
S-1-5-32-544
In this example, the SID has the following components:
- A revision level of "1".
- An identifier-authority value of "5" (SECURITY_NT_AUTHORITY).
- A first subauthority value of "32" (SECURITY_BUILTIN_DOMAIN_RID).
- A second subauthority value of "544" (DOMAIN_ALIAS_RID_ADMINS).