Use the principal_to_id command to search Active Directory for the specified user principal name (UPN) of a user or group security principal. If a security principal is found for the specified UPN, the command returns the numeric identifier for the principal.

Zone type

Not applicable


principal_to_id [-apple] upn




This command takes the following option:

Option Description


Specifies that you want to use the Apple scheme for generating the UID or GID for the specified user or group principal.

If you don’t specify this option, the UID or GID returned is based on the Centrify Auto Zone scheme.


This command takes the following argument:

Argument Type Description



Required. Specifies the user principal name (UPN) of a user or group security principal.

Return value

This command returns a unique UID or GID based on either the Apple methodology or the Centrify Auto Zone methodology for generating numeric identifiers. If the user or group principal is not found in Active Directory, the command returns an error message indicating that it didn’t find the principal.


principal_to_id -apple

This example returns the UID for the specified user generated using the Apple scheme:


Related commands

The following commands perform actions related to this command:

  • guid_to_id accepts a globally unique identifier (GUID) for a user or group and returns a UID or GID generated using the Apple scheme.
  • principal_from_sid searches Active Directory for a security identifier and returns the security principal associated with the security identifier.