Get username and domain of Foreign Security Principal from domain trust

You can use this code to determine the DOMAIN\username from the Foreign Security Principal which is really the SID of the account. Pass the full distinguishedName of the ForeignSecurityPrincipal.

static string GetUserNameOfFSP(string ForeignSecurityPrincipal)


           //Returns with syntax of "DOMAIN\logonname"



               DirectoryEntry user = new DirectoryEntry("LDAP://" + ForeignSecurityPrincipal);

               SecurityIdentifier sid = new SecurityIdentifier((byte[])user.InvokeGet("objectSid"), 0);

               NTAccount account = (NTAccount)sid.Translate(typeof(NTAccount));

               return account.ToString();


           catch (DirectoryServicesCOMException e) { Console.Write(e.Message); return "Error"; }



  1. I have some foreignsecurityprincipals and need to find out their account names. Do I need to change anything on your script before running itt???

Leave a comment

Your email address will not be published. Required fields are marked *