none
Same SID on domain.

    Question

  • Hi Chap's,

     

    I've just take over a small Windows 2003 Domain with around 60 Windows xp / 7 computers.  Out of these i have come across 30 of them that have the same SID.  The previous guy cloned them however never used sysprep to change the sid.

    So my Questions are :

    1, What sort of issues could i run into down the line ?

    2, Is this ok to do ?  I've always thought changing the SID is a MUST TO.

    3, if not, i need some sort of MS documentation to say this is a BAD thing as i need to present to my manager.

    4, Are there any tools that will let me change the SID's without messing the user's profile up.

    Thanks all

     

     


    Roger
    Friday, January 27, 2012 4:12 PM

Answers

All replies

  • You can run into various isses such as being unable to access systems, permission problems, and authentication.  Sometimes, it takes time for these issues to manifest and can be very hard to isolate and troubleshoot.  That is part of the reason why clean installs work so well.

    The only real, supported method to change a computer's SID, is to remove the computer from the domain, rerun sysprep /oobe /restart.  That will generate a new SID--and keep current users profiles in tact!  Once OOBE is complete rejoin to domain.

    If you use any third-party tools to change the SID, you will break domain membership anyway and will have to reset the account and rejoin.

     

    • Marked as answer by Roger Patel Monday, February 6, 2012 9:50 AM
    Friday, January 27, 2012 5:13 PM
  • Thanks for that Darien.

    I need some sort of MS document that states this to give to my manager, do you know of anything i can have ?

     

     


    Roger
    Friday, January 27, 2012 5:16 PM
  • This may help or provide a good starting point:  http://technet.microsoft.com/en-us/library/cc721940(WS.10).aspx.  Here is another resource that may be of benefit: http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

    Friday, January 27, 2012 6:33 PM
  • I think you should read Mark Russinovich's blog post on the SID myth, http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx

    Blogging about Windows for IT pros at www.theexperienceblog.com

    Friday, January 27, 2012 6:36 PM
  • Hi,

    Please refer to the posts by DarienHawk67 and Andreas, if you have more questions on this, please feel free to let us know.

    Thanks.

    Juke Chou
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.


    Juke Chou

    TechNet Community Support

    Monday, January 30, 2012 7:51 AM
    Moderator
  • I have to say that the SID "myth" is real. As DarienHawk67 stated, issues with multiple identical SIDs popup in odd and hard to diagnos ways. At a conference I was at an MS presenter if commented that Mark's article brought more confusion to the SID issue as more and more problems with identical SIDs were being seen due to the proliferation of virtual machines and the tendency to just clone one image. I personally have seen this issue and am careful to sysprep machines before deployment.
    Tuesday, January 31, 2012 2:46 PM
  • Hi,

    Any update?


    Juke Chou

    TechNet Community Support

    Thursday, February 2, 2012 10:39 AM
    Moderator
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Juke Chou
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedbackhere.


    Juke Chou

    TechNet Community Support

    • Proposed as answer by seanmp1117 Tuesday, July 1, 2014 3:03 PM
    Monday, February 6, 2012 9:40 AM
    Moderator
  • Actually

        sysprep /oobe /reboot /generalize

    otherwise is pointless!

    • Edited by abatishchev Monday, July 22, 2013 3:57 AM Update
    Sunday, July 21, 2013 10:39 PM
  • Actually sysprep /oobe /restart {should be /reboot} does not change the SID.  You must use the /generalize switch in order to change the SID.  /sysprep /generalize /reboot will however leave all user account information intact while removing PC specific information.
    Thursday, August 7, 2014 12:20 PM