2

Can I compare 2 string-format SIDs for equality?

As per my understanding, a Group SID is a unique identifier in an Active Directory forest, so the string that I get by using ConvertSidToStringSid will also be unique and can thus be compared to any other Group SID (string format) by using string comparison functions?

unwind
  • 364,555
  • 61
  • 449
  • 578
picrodevosio
  • 41
  • 1
  • 9

1 Answers1

2

AFAIK the answer is "yes as long as you're using case insensitive comparison".

However, if I were you I'd consider using the EqualSid API to compare them as binary, and only convert them to string to show to the end user of your software.

Soonts
  • 15,806
  • 9
  • 45
  • 100