If you work with Azure AD, and especially, as in my case, with Intune and Azure AD, you have probably seen Object IDs in the Azure AD portal on user objects and group objects, or in the Intune log files.
Here is a portal screenshot of a demo user:
Here is a screenshot of the Intune Management Extension log file:
Another ID is the Security Identifier (SID), which you might have seen here and there. A famous command to show the SID of the user is whoami.
On an Azure AD joined device in the local Administrators group you will find Azure AD SIDs:
These IDs are related and can be converted into each other. For example, wouldn’t it be nice to take the SID from the local Administrators group and convert it to the Object ID to know which AAD group it represents, or vice versa?
If we look up the Azure AD roles, we get the Object ID of the Device Administrators group for the converted SID:
And as I said, they can be converted vice versa, so here we convert the Object ID back to the SID:
This can be helpful in scripts where you see SIDs or Object IDs. You are now able to convert:
- Azure AD Group Object ID to SIDs
- Azure AD User Object IDs to SIDs
and vice versa (that’s what I tested…).
I think Michael will like it as well for his Get-AutopilotESPStatus script here 🙂
Another new Get-AutopilotESPStatus script posted
I hope this small helper will not just help Michael and me from time to time 👍
Let’s have some PowerShell converting fun.
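The two conversions described above, as an added example (this is not the script from the original post). It assumes the Azure AD SID layout noted in the comments; the function names and the sample Object ID are constructed for illustration.

```powershell
# Added example, not the original post's code.
# Assumption: an Azure AD SID is 'S-1-12-1-' followed by the object's 16 GUID bytes
# (in .NET Guid.ToByteArray() order) read as four little-endian UInt32 values.

function Convert-AzureAdObjectIdToSid {
    param([Parameter(Mandatory)][string] $ObjectId)

    $bytes = [Guid]::Parse($ObjectId).ToByteArray()   # throws on a malformed GUID
    $parts = New-Object 'UInt32[]' 4
    [Buffer]::BlockCopy($bytes, 0, $parts, 0, 16)     # 16 bytes -> 4 x UInt32
    return 'S-1-12-1-' + ($parts -join '-')
}

function Convert-AzureAdSidToObjectId {
    param([Parameter(Mandatory)][string] $Sid)

    # Reject anything that is not an Azure AD SID, for example a local or
    # on-premises AD 'S-1-5-21-...' SID, which carries no Object ID.
    if ($Sid -notmatch '^S-1-12-1-(\d+)-(\d+)-(\d+)-(\d+)$') {
        throw "Not an Azure AD SID (expected S-1-12-1- plus four sub-authorities): $Sid"
    }

    # The cast throws if a sub-authority does not fit into 32 bits.
    $parts = [UInt32[]]@($Matches[1], $Matches[2], $Matches[3], $Matches[4])
    $bytes = New-Object 'Byte[]' 16
    [Buffer]::BlockCopy($parts, 0, $bytes, 0, 16)     # 4 x UInt32 -> 16 bytes
    return [Guid]::new($bytes)
}

# Constructed sample Object ID (not a real tenant object), converted both ways.
$objectId = '00112233-4455-6677-8899-aabbccddeeff'
$sid      = Convert-AzureAdObjectIdToSid -ObjectId $objectId
$back     = Convert-AzureAdSidToObjectId -Sid $sid
'{0} -> {1} -> {2}' -f $objectId, $sid, $back

# Resolve the Azure AD entries of the local Administrators group to Object IDs
# (run on an Azure AD joined device):
# Get-LocalGroupMember -Group Administrators |
#     Where-Object { $_.SID.Value -like 'S-1-12-1-*' } |
#     ForEach-Object { Convert-AzureAdSidToObjectId -Sid $_.SID.Value }
```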