[clug] Perl to unpack an Active Directory objectSID

Michael James clug at james.st
Fri Sep 23 07:48:31 GMT 2005

Could the Active Directory experts on the list
 please cast their eyes over this.

I found some perl code to unpack Active Directory SIDs at:


But it seems needlessly complex.

The particular SID I'm studying is (in hex, broken into 4 byte longs)

01 05 00 00  |   00 00 00 05   |
   15 00 00 00 00  |   01 36 A7 03  |   hex   |   hex   |   hex

From the code it seems:
The first byte is the SID revision number. (usually 1)
The second is the number of sub fields in the second line.
The remaining 6 bytes on the first line are the auth ID.
Just to maintain inconsistency they are read big-endian.

The second line is (in my case) 5 x 32 bit numbers read little-endian.

So to decode it these 2 lines of perl should do:

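# C = unsigned byte (numeric), n = 16-bit big-endian, N = 32-bit big-endian,
# V* = the remaining 32-bit little-endian sub fields
my($sid_rev, $num_auths, $id1, $id2, @ids) =
		unpack("C C n N V*", $binary_sid);
# the 48-bit auth ID is ($id1 << 32) + $id2; the shift needs 64-bit integers
my $sid_string = join("-", "S", $sid_rev, ($id1<<32)+$id2, @ids);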

Note that combining $id1 and 2
 must be done arithmetically not stringwise
 to keep the leading zeros lined up.

If any of this is wrong, please tell me.

If this is useful to anyone, I'm delighted.


Michael James			michael at james.st
Network Programmer		work:   02 6246 5040
8 Brennan St			home:   02 6247 2556
Hackett, ACT 2602		mobile: 04 1747 4065

No matter how much you pay for software,
 you always get less than you hoped.
Unless you pay nothing, then you get more.
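
Added example, not part of the original post: a stricter version of the decode described above, which checks the revision, the sub-authority count and the total length before unpacking, so that a truncated or padded attribute value is rejected instead of being decoded. The function name sid_to_string and the sample SID are constructed for illustration.

```perl
use strict;
use warnings;

# Convert a binary objectSid to its S-R-A-S1-S2... string form.
# Dies on malformed input instead of decoding whatever bytes are present.
sub sid_to_string {
    my ($bin) = @_;
    die "SID too short\n" if length($bin) < 8;

    # Byte 0: revision, byte 1: sub-authority count,
    # bytes 2-7: 48-bit identifier authority, big-endian (16 + 32 bits).
    my ($rev, $count, $auth_hi, $auth_lo) = unpack("C C n N", $bin);
    die "unexpected SID revision $rev\n" if $rev != 1;
    die "too many sub-authorities ($count)\n" if $count > 15;
    die "length does not match sub-authority count\n"
        if length($bin) != 8 + 4 * $count;

    # Multiply rather than shift so the result is also right on a
    # Perl built with 32-bit integers (a 48-bit value fits a double).
    my $authority = $auth_hi * 4294967296 + $auth_lo;

    # Sub-authorities: $count little-endian 32-bit values from offset 8.
    my @subs = unpack("x8 V$count", $bin);
    return join("-", "S", $rev, $authority, @subs);
}

# Constructed sample input (not from the original post).
my $sample = pack("C C n N V5", 1, 5, 0, 5,
                  21, 1004336348, 1177238915, 682003330, 512);
print sid_to_string($sample), "\n";

# A truncated copy is rejected rather than decoded short.
my $short = substr($sample, 0, length($sample) - 4);
print "rejected: $@" unless eval { sid_to_string($short); 1 };
```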
