query
sid::query
can be used to query an object by its SID or name. It has the following command line argument:
/sam
: thesAMAccountName
/sid
: the security identifier/domain
: the domain name. If not specified, the current domain will be used
mimikatz # sid::query /sam:m3g9tr0n
CN=m3g9tr0n megas,CN=Users,DC=hacklab,DC=local
name: m3g9tr0n megas
objectGUID: {4805c336-f02a-463b-9b3b-94f373759d39}
objectSid: S-1-5-21-2725560159-1428537199-2260736313-1730
sAMAccountName: m3g9tr0n
Last updated