JSI Tip 8280. What is the SID of built-in domain accounts?

The SID (Security IDentifier) of a domain object is composed by adding a RID (Relative IDentifier) to the domain SID.

The built-in objects have fixed RIDs, which are:

Built-in Object          RID Type
Domain Administrator               500  User
Domain Guest                       501  User
Domain KRBTGT                      502  User
Domain Administrators              512  Group
Domain Users                       513  Group
Domain Guests                      514  Group
Domain Computers                   515  Group
Domain Controllers                 516  Group
Domain Certificate Administrators  517  Group
Domain Schema Administrators       518  Group
Domain Enterprise Administrators   519  Group
Domain Policy Administrators       520  Group
Built-in Administrators            544  Alias
Built-in Users                     545  Alias
Built-in Guests                    546  Alias
Built-in Power Users               547  Alias
Built-in Account Operators         548  Alias
Built-in System Operators          549  Alias
Built-in Print Operators           550  Alias
Built-in Backup Operators          551  Alias
Built-in Replicator                552  Alias
Built-in RAS Servers               553  Alias

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.