Wednesday, April 2, 2008


Here is the question how you can identify the build in domain administrator account in your domain assuming ,The classic description filed for this account is wiped out and account is renamed Description would be Built-in account for administering the computer/domain. The answer to this question came so fast, within 10 seconds from Jason Weaver, senior systems engineer.

First step, Download sid2user

The easiest way is to copy the files into support tools directory so that you can execute from any level from dos (assuming you have already installed windows 2003 support tools on your workstation, otherwise you need to drill to the same directory where these two little executables will reside in. I use powers hell so it is up to you to use either power shell or classis CMD.

PS F:\> user2sid oozugurlu

  • S-1-5-21-2026909314-1939897469-926709054-95328
  • Number of subauthorities is 5

Nice I get my SID ID as above. What is a SID ID anyway?

When a new domain user or group account is created, Active Directory stores the account's SID in the Object-SID (objectSID) property of a User or Group object. It also assigns the new object a globally unique identifier (GUID), which is a 128-bit value that is unique not only in the enterprise but also across the world


  • Security identifier A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems. Well-known SIDs is a group of SIDs that identify generic users or generic groups. Their values remain constant across all operating systems.


  • Globally Unique identifier, 128-Bit value unique across the word.
  • SID: S-1-5-domain-500
  • Name: Administrator

Description: A user account for the system administrator. By default, it is the only user account that is given full control over the system

  • SID: S-1-5-domain-501
  • Name: Guest

Description: A user account for people who do not have individual accounts. This user account does not require a password. By default, the Guest account is disabled

PS C:\> user2sid oozugurlu


  • Number of subauthorities is 5
  • Domain is SMTP25
  • Length of SID in memory is 28 bytes
  • Type of SID is SidTypeUser

PS C:\> sid2user 5 21 2026909314 1939897469 926709054 500

  • Name is manSMTP25
  • Domain is SMTP25
  • Type of SID is SidTypeUser

Don't forget as you see in above example I have taken out the – Dashes and leave it blank and added 500 at the end to determine the user account name for the build in administrator

It is not possible to delete the Administrator account? Well it is not if you try you will receive following errors "Cannot delete built in accounts" windows wont seem to be happy with you trying to delete this account, so it is impossible to delete it, you don't want to delete this account anyway, when DC is hosed up this is the only account can get in to the Domain controllers.


Oz ozugurlu,
Systems Engineer
Security Project+ Server+

No comments: