LookupAccountSid

The LookupAccountSid function accepts a security identifier (SID) as input. It retrieves the name of the account for this SID and the name of the first domain on which this SID is found.

BOOL LookupAccountSid(
  LPCTSTR lpSystemName, // address of string for system name
  PSID Sid,             // address of security identifier
  LPTSTR Name,          // address of string for account name
  LPDWORD cbName,       // address of size account string
  LPTSTR ReferencedDomainName,
                        // address of string for referenced domain
  LPDWORD cbReferencedDomainName,
                        // address of size domain string
  PSID_NAME_USE peUse   // address of structure for SID type
);
 

Parameters

lpSystemName
Pointer to a null-terminated string specifying the system. This string can be the name of a remote computer. If this string is NULL, the SID is looked up on the local system.
Sid
Pointer to a SID structure for which the account name is looked up.
Name
Pointer to a buffer receiving a null-terminated string representing the account name corresponding to the Sid parameter.
cbName
Pointer to a DWORD variable. On input, this value specifies the size, in bytes (ANSI version) or characters (Unicode version), of the Name buffer. If the function fails because the buffer is too small, this variable receives the required buffer size, including the terminating null character.
ReferencedDomainName
Pointer to a buffer that will receive a null-terminated string giving the name of the domain where the account name was found.

For Windows NT systems, the domain name returned for most accounts in the local computer's security database is the computer's name as of the last start of the system. Backslashes are excluded. If the computer's name changes, the old name continues to be returned as the domain name until the system is restarted.

For Windows NT Server systems, the domain name returned for most accounts in the local computer's security database is the name of the domain for which the Windows NT Server is a domain controller.

Some accounts are predefined by the system. The domain name returned for these accounts is BUILTIN.

cbReferencedDomainName
Pointer to a DWORD variable. On input, this value specifies the size, in bytes (ANSI version) or characters (Unicode version), of the ReferencedDomainName buffer. If the function fails because the buffer is too small, this variable receives the required buffer size, including the terminating null character.
peUse
Pointer to an SID_NAME_USE enumerated type indicating the type of the account when the function returns.

Return Values

If the function succeeds, the return value is nonzero.

If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The LookupAccountSid function attempts to find a name for the specified security identifier by first checking a list of well-known SIDs. If the supplied SID does not correspond to a well-known SID, the function checks built-in and administratively defined local accounts. Next, the function checks the primary domain. Security identifiers not recognized by the primary domain are checked against the trusted domains corresponding to their SID prefixes.

LookupAccountSid fails and GetLastError returns ERROR_NONE_MAPPED if it cannot find an account name for the SID. This can occur if a network timeout prevents the function from finding the name. It also occurs for SIDs that have no corresponding account name, such as a logon SID that identifies a logon session.

QuickInfo

  Windows NT: Requires version 3.1 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in winbase.h.
  Import Library: Use advapi32.lib.
  Unicode: Implemented as Unicode and ANSI versions on Windows NT.

See Also

Access Control Overview, Access Control Functions, EqualPrefixSid, LookupAccountName