I have this PowerShell code.

$securityidentifier = new-object security.principal.securityidentifier $sid
$user = ( $securityidentifier.translate( [security.principal.ntaccount] ) )

This code works only on a computer which is in the same domain as the user whose SID I would like to translate to ntaccount.

Is it possible to translate a SID to an ntaccount if you are not part of the domain, but you have a domain username and password for that domain?

Still the same error.

Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\...\test.ps1:7 char:40
+ $user = ( $securityidentifier.translate <<<< ( [security.principal.ntaccount] ) )
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

A: 

Have you tried say, mapping a drive to the domain controller, which would effectively cache the credentials for the domain user? That may then allow access to translate the SID. I haven't tried this before, but it's worth giving it a shot.

Trevor Sullivan
Nope, it doesn't work.
Primoz
A: 

Since you are not in the domain, your machine has no idea who (which domain controller) it should ask to resolve this SID. It seems that there is no server parameter for the Translatename Method.

If you resort to WinApi it's possible: use the LookupAccountSid API (specify a domain controller for the lpSystemName parameter).

Remko
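
The LookupAccountSid approach from the answer above, as an added example that is not code from the original thread: a P/Invoke wrapper that passes a domain controller name as lpSystemName. The server name and SID are hypothetical placeholders, and the example assumes the calling session can already authenticate to that domain controller, since LookupAccountSid itself takes no credentials.

```powershell
# Added example: resolve a SID against a named server via advapi32!LookupAccountSid.
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Text;

public static class SidLookup
{
    [DllImport("advapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool LookupAccountSid(string lpSystemName, byte[] Sid,
        StringBuilder lpName, ref uint cchName,
        StringBuilder lpReferencedDomainName, ref uint cchReferencedDomainName,
        out int peUse);

    // Returns DOMAIN\name for the SID, asking 'server' instead of the local machine.
    public static string Resolve(string server, string sid)
    {
        SecurityIdentifier s = new SecurityIdentifier(sid);
        byte[] raw = new byte[s.BinaryLength];
        s.GetBinaryForm(raw, 0);

        uint cchName = 0, cchDomain = 0;
        int use;
        // Sizing call: expected to fail with ERROR_INSUFFICIENT_BUFFER (122).
        // Any other error (1332 = no mapping, 5 = access denied, ...) is surfaced as-is.
        LookupAccountSid(server, raw, null, ref cchName, null, ref cchDomain, out use);
        int err = Marshal.GetLastWin32Error();
        if (err != 122) throw new Win32Exception(err);

        StringBuilder name = new StringBuilder((int)cchName);
        StringBuilder domain = new StringBuilder((int)cchDomain);
        if (!LookupAccountSid(server, raw, name, ref cchName, domain, ref cchDomain, out use))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return domain + "\\" + name;
    }
}
'@

# Hypothetical placeholders: substitute a real domain controller and SID.
$server = 'dc01.example.test'
$sid    = 'S-1-5-21-1111111111-2222222222-3333333333-1001'

try   { [SidLookup]::Resolve($server, $sid) }
catch { Write-Warning "Lookup failed: $($_.Exception.Message)" }
```

The Win32 error text in the warning separates "the server could not be reached or refused the caller" from "the server answered but has no mapping for this SID", which the Translate exception in the question does not.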