locked
Resolve issue related to SID when cloning VMs RRS feed

  • General discussion

  • Error:- The operation failed because:

    The security account manager (SAM) has determined that the security identifier (SID) for this computer is already in use in the Forest you want to join. This can happen when restoring an Active Directory Domain Controller with an improper backup. Reinstall the operating system on the local AD DC to obtain a new SID.

    "The specified domain already exists."

    Above error is an example. You might come across many errors while configuring system components.

    Scenario:
    1) Build a Windows Server 2008 R2 server, apply patches and various tweaks.
    2) Shutdown the server and take an image (or clone it to a virtual machine template). Note: I haven’t used Sysprep!
    3) Deploy two new servers from the image or template. Promote one to a domain controller and add the other one to the domain as a member server.

    In this scenario the first problem I would encounter is that any domain users that are a member of Domain Admins will not have the appropriate permissions to access PowerShell or Computer Management. The default Administrator account would work fine. Secondly, if I try and ping the domain controller I would get the following error:
    C:\Users\User1>ping LAB-DC01
    Unable to contact IP driver. General failure.

    So the SID really does matter. Prior to taking your clone or image, just remember to use Sysprep as follows:

    1) Run Sysprep (on Windows Server 2008 this is located in c:\Windows\System32\Sysprep\Sysprep.exe)
    2) Ensure ‘System Out-of-Box Experience (OOBE)’ is selected
    3) Tick the ‘Generalize’ option (this resets the SID)
    4) Select ‘Shutdown’ from the Shutdown Options.
    5) Once the machine has shutdown, take your image and you are good to go!

    - Sandeep Kota



    Regards, Sandeep Kota

    Thursday, June 14, 2012 5:26 PM

All replies

  • is your OS licenses genuine ?

    Guowen Su
    Cisco Certified Network Associate
    Cisco Certified Internetwork professional - MPLS
    Certified Information Systems Security Professional
    Microsoft Partner Network 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator:Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Certified Ethical Hacker
    Computer Hacking Forensics Investigator
    Certified Sonicwall Security Administrator
    Microsoft Geeks

    Friday, June 15, 2012 3:21 AM