Ansible.ModuleUtils.SID - allow SID as an input to allow people to specify well know SIDs instead of the name (#39400)

2026-05-08 06:12:51 +00:00 · 2018-04-30 16:18:25 +10:00
parent d90c36e320
commit 0d1daf4de8
6 changed files with 53 additions and 81 deletions
--- a/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.SID.psm1
+++ b/lib/ansible/module_utils/powershell/Ansible.ModuleUtils.SID.psm1
@@ -12,12 +12,15 @@ Function Convert-FromSID($sid) {
    } catch {
        Fail-Json -obj @{} -message "failed to convert sid '$sid' to a logon name: $($_.Exception.Message)"
    }
-    
+
    return $nt_account.Value
 }

-Function Convert-ToSID($account_name) {
+Function Convert-ToSID {
+    [Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSAvoidUsingEmptyCatchBlock", "", Justification="We don't care if converting to a SID fails, just that it failed or not")]
+    param($account_name)
    # Converts an account name to a SID, it can take in the following forms
+    # SID: Will just return the SID value that was passed in
    # UPN:
    #   principal@domain (Domain users only)
    # Down-Level Login Name
@@ -28,6 +31,11 @@ Function Convert-ToSID($account_name) {
    # Login Name
    #   principal (Local/Local Service Accounts)

+    try {
+        $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList $account_name
+        return $sid.Value
+    } catch {}
+
    if ($account_name -like "*\*") {
        $account_name_split = $account_name -split "\\"
        if ($account_name_split[0] -eq ".") {