How to get (AD) LDAP person entry by SID?
Solution 1:
I wish it were as easy as:
dsget user "objectSID={thesid},CN=Users,DC=domain,DC=com" -samid
But it's not; AD stores the objectSID as hexadecimal.
The folks on serverfault have written a few answers that may help, though:
Retrieve user details from Active Directory using SID
Solution 2:
Another way would be to forsake LDAP and use WMIC:
H:\>wmic useraccount where (sid = "S-1-5-21-1698188384-1693678267-1543859470-6637") get * /format:list
AccountType=512
Caption=MYDOMAIN\quux
Description=some guy's account
Disabled=FALSE
Domain=MYDOMAIN
FullName=Some Guy
InstallDate=
LocalAccount=FALSE
Lockout=FALSE
Name=quux
PasswordChangeable=TRUE
PasswordExpires=FALSE
PasswordRequired=TRUE
SID=S-1-5-21-1698188384-1693678267-1543859470-6637
SIDType=1
Status=OK
Now you have several attributes that should be easy to search via LDAP, if you still need to.
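Solution 1 points out that objectSid is stored in binary, not as the textual S-1-5-... string, which is why the dsget one-liner fails; Solution 2 sidesteps LDAP entirely. The following PowerShell is an added example, not code from either answer, showing how to do the LDAP lookup directly: the SID string is converted to its binary form and escaped byte-by-byte into an RFC 4515 filter, then searched from the domain's default naming context with System.DirectoryServices. It assumes a domain-joined Windows host running as a domain user, and reuses the SID from the WMIC output above purely as sample input; the `<SID=...>` binding string at the end is the ADSI shortcut that avoids building a filter at all.

```powershell
# Added example: find an AD object by SID over LDAP using .NET classes
# present on any domain-joined Windows box (no RSAT module required).
# Assumption: run as a domain user on a domain-joined host.
# Sample input: the SID shown in the WMIC output on this page.
$sidString = 'S-1-5-21-1698188384-1693678267-1543859470-6637'

function ConvertTo-LdapSidFilter {
    param([Parameter(Mandatory)][string]$Sid)
    # objectSid is a binary attribute. An LDAP filter must carry it as
    # backslash-escaped hex bytes (RFC 4515), e.g. \01\05\00\00..., because
    # the textual S-1-5-... form never matches the stored value.
    $sid   = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)
    $escaped = -join ($bytes | ForEach-Object { '\{0:x2}' -f $_ })
    return "(objectSid=$escaped)"
}

$filter = ConvertTo-LdapSidFilter -Sid $sidString

# Search from the domain root advertised by RootDSE rather than a hard-coded
# CN=Users container: users may live in any OU, so that container is not safe.
$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
$searcher.Filter     = $filter
$searcher.PropertiesToLoad.AddRange(@('distinguishedName', 'sAMAccountName', 'userPrincipalName'))

$result = $searcher.FindOne()
if ($null -eq $result) {
    Write-Warning "No object with SID $sidString in this domain (foreign-domain SIDs need a GC or trust lookup)."
    return
}
# DirectorySearcher lower-cases property names in the result set.
$result.Properties['distinguishedname'][0]
$result.Properties['samaccountname'][0]

# Shortcut: ADSI supports binding to an object by SID directly, so the filter
# can be skipped entirely when you only need the one object.
$bySid = [ADSI]"LDAP://<SID=$sidString>"
$bySid.distinguishedName
```

The escaped-filter form is worth knowing even when the ADSI shortcut is available, because it is the only way to express the lookup in tools that take a raw LDAP filter (ldapsearch, SIEM LDAP connectors, audit scripts) and it generalises to any binary attribute such as objectGUID.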