Click here to Skip to main content
13,201,763 members (71,916 online)
Click here to Skip to main content
Add your own
alternative version


18 bookmarked
Posted 17 Dec 2001

Converting SIDs between strings and binary

, 17 Dec 2001
Rate this:
Please Sign up or sign in to vote.
How to convert SIDs between string and binary representations
<!-- Download Links --> <!-- Add the rest of your HTML here -->


Anyone who has ever used advanced security in Windows NT has probably run across SIDs before. SID is an acronym for Security IDentifier. A SID is a structure of variable length that uniquely identifies a user or group on Windows NT. SIDs are often viewed in string form, for example 'S-1-5-21-1431262831-1455604309-1834353910-1000'. However all the Win32 API that work with SIDs use the binary representation. As such the programmer may need to convert between string and binary representations of SIDs.

Starting in Windows 2000 Microsoft added two APIs for converting SIDs. They are ConvertStringSidToSid() and ConvertSidToStringSid(). The down-side to these APIs is they require the Platform SDK (for the file SDDL.H) and they don't work on Windows NT. If you are content with these restrictions, then I encourage you to use the Microsoft APIs. But if you need to convert SIDs in Windows NT then you'll need to write your own functions. Realizing there was no built-in way to convert SIDs in Windows NT, Microsoft released two Knowledgebase articles Q198907 and Q131320. These articles provide two functions to handle the conversion. I took these two functions, fixed a few minor bugs, and cleaned up the code to result in the following functions. It should be noted that no SID conversion functions work on Win95/98/ME. Only NT-based operating systems use SIDs and therefore only those systems contain the Win32 APIs that use SIDs.

PSID GetBinarySid(LPCTSTR szSid)
     // This function is based off the KB article Q198907.
     // This function is the same as ConvertStringSidToSid(),
     // except that function is only on Windows 2000 and newer.
     // The calling function must free the returned SID with FreeSid.


     PSID pSid = NULL;
     LPTSTR szSidCopy = NULL;

          int i;
          LPTSTR ptr, ptr1;
          SID_IDENTIFIER_AUTHORITY sia; ZeroMemory(&sia, sizeof(sia));
          BYTE nByteAuthorityCount = 0;
          DWORD dwSubAuthority[8] = {0, 0, 0, 0, 0, 0, 0, 0};

          szSidCopy = new TCHAR[lstrlen(szSid) + 1];
          lstrcpy(szSidCopy, szSid);

          // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL

          // Skip 'S'
          if(!(ptr = _tcschr(szSidCopy, _T('-'))))
               return NULL;

          // Skip '-'

          // Skip SID_REVISION
          if(!(ptr = _tcschr(ptr, _T('-'))))
               return NULL;

          // Skip '-'

          // Skip IdentifierAuthority
          if(!(ptr1 = _tcschr(ptr, _T('-'))))
               return NULL;
          *ptr1= 0;

          if((*ptr == _T('0')) && (*(ptr + 1) == _T('x')))
               _stscanf(ptr, _T("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
               DWORD dwValue;
               _stscanf(ptr, _T("%lu"), &dwValue);

               sia.Value[5] = (BYTE)(dwValue & 0x000000FF);
               sia.Value[4] = (BYTE)(dwValue & 0x0000FF00) >> 8;
               sia.Value[3] = (BYTE)(dwValue & 0x00FF0000) >> 16;
               sia.Value[2] = (BYTE)(dwValue & 0xFF000000) >> 24;

          // Skip '-'
          *ptr1 = '-';
          ptr = ptr1;

          for(i = 0; i < 8; i++)
               // Get subauthority
               if(!(ptr = _tcschr(ptr, _T('-'))))
               *ptr = 0;

          for(i = 0; i < nByteAuthorityCount; i++)
               // Get subauthority
               _stscanf(ptr1, _T("%lu"), &dwSubAuthority[i]);
               ptr1 += lstrlen(ptr1) + 1;
          delete[] szSidCopy;
          szSidCopy = NULL;

               pSid = NULL;
          delete[] szSidCopy;
          pSid = NULL;

     return pSid;

bool GetTextualSid(const PSID pSid, LPTSTR szSid, DWORD &dwBufferSize)
     // This function is based off the KB article Q131320.
     // This function is the same as ConvertSidToStringSid(),
     // except that function is only on Windows 2000 and newer.


     bool bRtnVal = true;

          DWORD dwSidSize, dwSubAuthorities;

          // Validate the binary SID
               return false;

          // Get the identifier authority value from the SID
          psia = GetSidIdentifierAuthority(pSid);

          // Get the number of subauthorities in the SID.
          dwSubAuthorities = *GetSidSubAuthorityCount(pSid);

          // Compute the buffer length
          // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
          dwSidSize = (15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);

          // Was the provided buffer large enough?
          if(dwBufferSize < dwSidSize)
               dwBufferSize = dwSidSize;
               return false;

          // Add 'S' prefix and revision number to the string
          dwSidSize = _stprintf(szSid, _T("S-%lu-"), SID_REVISION);

          // Add SID identifier authority to the string.
          if((psia->Value[0] != 0) || (psia->Value[1] != 0))
               dwSidSize += _stprintf(szSid + lstrlen(szSid),
               dwSidSize += _stprintf(szSid + lstrlen(szSid),
                    (ULONG)(psia->Value[5]) +
                    (ULONG)(psia->Value[4] << 8) +
                    (ULONG)(psia->Value[3] << 16) +
                    (ULONG)(psia->Value[2] << 24) );

          // Add SID subauthorities to the string
          for(DWORD dwCounter = 0; dwCounter < dwSubAuthorities; dwCounter++)
               dwSidSize += _stprintf(szSid + dwSidSize, _T("-%lu"),
                    *GetSidSubAuthority(pSid, dwCounter));
          bRtnVal = false;

     return bRtnVal;


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Brian Friesen
Web Developer
United States United States
No Biography provided

You may also be interested in...

Comments and Discussions

GeneralDoes it give the same output as that of GetBinaryForm Pin
sharad_sharma_2k8-Feb-07 20:56
membersharad_sharma_2k8-Feb-07 20:56 
GeneralDoes it give the same output as that of SecurityIdentifier.GetBinaryForm() of .NET 2.0 Pin
sharad_sharma_2k8-Feb-07 20:54
membersharad_sharma_2k8-Feb-07 20:54 
GeneralGreat Article Pin
Alois Kraus12-Jun-02 1:31
memberAlois Kraus12-Jun-02 1:31 
GeneralUserlist Pin
Haresh15-May-02 1:32
memberHaresh15-May-02 1:32 
GeneralRe: Userlist Pin
Kedar Babar16-Oct-02 21:59
sussKedar Babar16-Oct-02 21:59 
GeneralAther functions Pin
Gil Messerman14-Feb-02 11:56
memberGil Messerman14-Feb-02 11:56 
GeneralRe: Ather functions Pin
Brian Friesen15-Feb-02 9:04
memberBrian Friesen15-Feb-02 9:04 
QuestionExamples (demos)?? Pin
Daniel Madden18-Dec-01 19:06
memberDaniel Madden18-Dec-01 19:06 

Nice clean-up of the you have any examples of this in work??

Thanks in advance,


General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.171020.1 | Last Updated 18 Dec 2001
Article Copyright 2001 by Brian Friesen
Everything else Copyright © CodeProject, 1999-2017
Layout: fixed | fluid