I was setting up the local administrator group membership in Intune, and needed a way to add a Entra ID object. You can add Users, Groups, and Roles by their SID.
The conversion is just splitting the ObjectID’s (GUID) 128 bits into four 32-bit decimal values.
This is easily done in PowerShell.
Entra ID GUID to SID
$guid = "9f06204d-73c1-4d4c-880a-6edb90606fd8"
$prefix = "S-1-12-1" # Change to S-1-12-8 for GCC-H
$b=[GUID]::Parse($guid).ToByteArray(); "$prefix-" + ((0..3 | % { [BitConverter]::ToUInt32($b, $_*4) }) -join '-')SID to Entra ID GUID
$sid = "S-1-12-1-1940430072-1240002806-2496020000-3030000218"
[GUID][byte[]]([UInt32[]](($sid -replace '^S-1-12-\d+-') -split '-') | % { [BitConverter]::GetBytes($_) })Both will print the result to console.