Support for programming with SIDs is new in version 2.0 of the .NET Framework. There are two new classes that represent a user or group account. The first, SecurityIdentifier, represents a machine-readable SID like I described in Item 13. The second, NTAccount, represents a human-readable user or group account name. The base class for both of these is IdentityReference, and you can easily translate back and forth between SID and name. Under the covers, the Translate method calls a low-level function in the local security authority (LSA), which translates names to SIDs or vice versa. If a domain controller needs to be contacted, this low-level function can batch up requests and translate many names in one round ...