Security Identifier (SID)

SID (Security Identifier) is a unique value of variable length that is used to identify a user (or group) account in Windows operating systems.

Security Identifier Structure

SID Field Description
Revision Revision level
SubAuthorityCount SubAuthority count.
IdentifierAuthority IdentifierAuthority is 48-bit number that is usually presented as 3 numbers (16 bits each) IdentifierAuthority[0], IdentifierAuthority[2] and IdentifierAuthority[3]
SubAuthority A variable number of SubAuthority or Relative Identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID

To help visualize the components of the SID, a standardized string notation is used in the following order – S-R-I-S-S… – w here:

  • "S" identifies the series of digits as an SID
  • "R" is the revision level
  • "I" is the identifier-authority value
  • "S" is one or more subauthority values

The following example uses this notation to display the well-known domain-relative SID of the local Administrators group:

S-1-5-32-544

In this example, the SID has the following components:

  • A revision level of "1".
  • An identifier-authority value of "5" (SECURITY_NT_AUTHORITY).
  • A first subauthority value of "32" (SECURITY_BUILTIN_DOMAIN_RID).
  • A second subauthority value of "544" (DOMAIN_ALIAS_RID_ADMINS).