ldap queries for user SID against Win2k PDC

Does anyone know what kind of LDAP query I can do
against my Win2k PDC to get a user's SID? 

Currently I'm doing the following query:
baseDN: CN=Users,DC=gem,DC=mycompany,DC=com
filter: samAccountType=805306368

Though there is an "objectSid" in the response to this
message, it seems to be bogus.


