How do I map a SID that's stored in the registry to the corresponding username?
You can use the Windows Management Instrumentation (WMI) Scripting Library and the WMI Win32_SID class to map a SID to a username. Listing 2 shows a sample script that maps a SID to the username. The script accepts a single command-line argument, which represents the SID you want to map (e.g., S-1-5-32-544).
The script sets two references—one to the WScript.Arguments collection and one to the WScript.StdOut property. Because it uses StdOut, you must run the script with the cscript.exe host. Next, the script checks the number of command-line arguments; if the number is anything other than 1, the script echoes a brief usage message and exits.
At callout A in Listing 2, the script establishes a connection to WMI, which returns an SWbemServices object. Next, the script uses the SWbemServices Get method to retrieve the instance of the Win32_SID class for the SID that you want to map. The script stores the instance in the variable named wmiSID, which subsequently echoes the properties provided by the Win32_SID class.
To run the sample script, include the target SID after the script name, as in
C:\> Win32_SID.vbs S-1-5-32-544
If a valid SID is passed to the script, your output will look like Figure 1.
To learn more, see the WMI software development kit (SDK) at http://msdn.microsoft.com/library/en-us/wmisdk/wmistart_5kth.asp?frame=true.