sid::query can be used to query an object by its SID or name. It has the following command line argument:
  • /sam: the sAMAccountName
  • /sid: the security identifier
  • /domain: the domain name. If not specified, the current domain will be used
mimikatz # sid::query /sam:m3g9tr0n
CN=m3g9tr0n megas,CN=Users,DC=hacklab,DC=local
name: m3g9tr0n megas
objectGUID: {4805c336-f02a-463b-9b3b-94f373759d39}
objectSid: S-1-5-21-2725560159-1428537199-2260736313-1730
sAMAccountName: m3g9tr0n
Last modified 7mo ago
Copy link