What is the SID for the Domain Admins security group in Active Directory?

An SID looks like this:

  S-1-5-32-1045337234-12924708993-5683276719-19000

Microsoft usually breaks this down into this pattern:

  (SID)-(revision level)-(identifier-authority)-(subauthority1)-(subauthority2)-(etc)

SID: The initial S merely identifies the following string as being an SID.
Revision level: To date, this has never changed and has always been 1.
Identifier-authority: This is a 48-bit string that identifies the authority (the computer or network) that created the SID.
Subauthority: This is a variable number that identifies the relation of the user or group described by the SID to the authority that created it. The number tells you:
- Which computer (or network) created the number
- Whether this user is a normal user, a guest, an administrator, or part of some other group
- In what order the user's account was created by this authority (i.e., "This was the first user" or "This is the 231st machine account created".)
This number is also referred to as the "Relative identifier". There can be several subauthorities involved, especially if the account exists on a domain and belongs to different groups.

This security group has not changed since Windows Server 2008.

Attribute	Value
Well-Known SID/RID	S-1-5-<domain>-512
Type	Domain Global
Default container	CN=Users, DC=<domain>, DC=
Default members	Administrator
Default member of	Administrators Denied RODC Password ReplicationGroup
Protected by ADMINSDHOLDER?	Yes
Safe to move out of default container?	Yes
Safe to delegate management of this group to non-Service admins?	No
Default User Rights	See Administrators See Denied RODC Password Replication Group

Quiz