Domain users and information about them can be pulled from Active Directory with native .NET routines. There is no need to rely on the AD Extensions. Because this information is available to everyone on the domain, no special permissions are needed.
Here are three different routines to deal with domain and local users:
get-users.ps1 returns all the user objects in the domain - this can include computer objects. It displays name, SID, scriptpath, pwdlastset, lastlogontimestamp, memberof, whencreated, lastlogon, homedirectory, samaccountname, and mail. Other properties can easily be added.
convert-user2sid.ps1 converts a user name to a SID. This works for both local and domain users. If a local user has the same name as a domain user, the local user SID will be returned by default. Specify the domain/user to ensure a domain user SID is returned.
convert-sid2user.ps1 converts a SID to a user name. Again, it works on both the local and domain levels.
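
The name-to-SID and SID-to-name conversions can be done with the .NET System.Security.Principal classes, as in this added sketch; it is not the code of the scripts described above. The function names are hypothetical and CONTOSO is a placeholder domain name.

```powershell
# Added example: hypothetical helpers, not the scripts described on this page.

function Convert-UserToSid {
    param(
        [Parameter(Mandatory=$true)][string]$User,
        [string]$Domain   # optional: qualify the name so a same-named local account is not picked
    )
    # NTAccount takes either a bare name or a (domain, account) pair.
    $account = if ($Domain) {
        New-Object System.Security.Principal.NTAccount($Domain, $User)
    } else {
        New-Object System.Security.Principal.NTAccount($User)
    }
    try {
        $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        # Typically IdentityNotMappedException: no such local or domain account.
        Write-Warning "Could not resolve '$account': $($_.Exception.Message)"
    }
}

function Convert-SidToUser {
    param([Parameter(Mandatory=$true)][string]$Sid)
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Malformed SID string, or a SID with no account behind it (for example a deleted user).
        Write-Warning "Could not resolve '$Sid': $($_.Exception.Message)"
    }
}

# Round trip for the account running the script (already in DOMAIN\user or MACHINE\user form).
$me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$sid = Convert-UserToSid -User $me
"{0} -> {1} -> {2}" -f $me, $sid, (Convert-SidToUser -Sid $sid)

# Well-known SIDs resolve without a domain controller.
Convert-SidToUser -Sid 'S-1-5-32-544'   # local Administrators group
Convert-SidToUser -Sid 'S-1-5-18'       # Local System

# Ambiguous name: pass the domain explicitly to get the domain account's SID.
# CONTOSO\jsmith is a constructed placeholder.
Convert-UserToSid -User 'jsmith' -Domain 'CONTOSO'
```

A SID that no longer resolves is worth noting when reviewing ACLs or event logs, since it usually points at a deleted account or a principal from a domain the machine cannot reach.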