
Refreshing SIDs in Active Directory 2000

I have 5 machines that are all identical, all Windows XP Professional 64. All were set up using the same ghost image, which was taken of 1 of the machines. Unfortunately sysprep was not run before taking the image, so when all the machines were set up they all had the same name, on the same domain, with the same SIDs. Upon booting up each machine, I removed it from the domain, changed the name and then rebooted. Then I added it back into the domain. I was under the impression that this would create new SIDs but I don't think it has. We are now getting user errors when trying to log in to these machines saying the computer/user has been locked out. I assume this has something to do with duplicate SIDs in Active Directory. Does anyone know how I can resolve this problem? How can I renew the SIDs for each machine?
Asked by: Yaniv Schiff
1 Solution
 
oBdA Commented:
The only way to get your systems back to a state where you will be able to get MS support if you should ever need it is to re-image them correctly (which means deploying an image that has been sysprepped; note the part about "If an image was created without the use of sysprep, Microsoft does not support the running of Sysprep after the image is deployed as a way to bring the computer back into compliance."). If you can live without support, you can just run it on the machines.
The Microsoft policy concerning disk duplication of Windows XP installations
http://support.microsoft.com/?kbid=314828
There's a link in the article to Sysinternals' NewSid, but I don't know if this will run on XP 64 as well (and it doesn't solve the support problem).
Whichever method you choose, unjoin the machines from the domain before you start!
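Added example (not part of the original thread, and not code from any poster): a way to confirm whether machines deployed from one un-sysprepped image still share a machine SID. It assumes you have already collected one local account SID per host, for instance the built-in local Administrator's; the host names and SID values below are constructed sample data.

```python
import re
from collections import defaultdict

# A local account SID has the form S-1-5-21-<a>-<b>-<c>-<RID>.
# The three sub-authorities <a>-<b>-<c> identify the machine; the RID
# identifies the account (500 is the built-in local Administrator).
SID_RE = re.compile(r"^S-1-5-21-(\d+)-(\d+)-(\d+)-(\d+)$")


def machine_sid(account_sid):
    """Return the machine portion of a local account SID, or None if the
    value is not a machine-relative (S-1-5-21-...) account SID."""
    m = SID_RE.match(account_sid.strip().upper())
    if not m:
        return None
    return "S-1-5-21-{}-{}-{}".format(*m.groups()[:3])


def find_clones(inventory):
    """Group hosts by machine SID and return only the groups that contain
    more than one host, i.e. machines that came from the same image."""
    groups = defaultdict(list)
    for host, sid in inventory.items():
        base = machine_sid(sid)
        if base is None:
            raise ValueError(f"{host}: not a local account SID: {sid!r}")
        groups[base].append(host)
    return {b: sorted(h) for b, h in groups.items() if len(h) > 1}


# Constructed inventory: host name -> SID of the local Administrator account.
# These must be LOCAL account SIDs; domain account SIDs share the domain's
# prefix on every machine and would always look like duplicates.
SAMPLE = {
    "LAB-01": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "LAB-02": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "LAB-03": "S-1-5-21-1111111111-2222222222-3333333333-500",
    "LAB-04": "S-1-5-21-4444444444-5555555555-6666666666-500",
}

if __name__ == "__main__":
    for base, hosts in find_clones(SAMPLE).items():
        print(f"{base} shared by: {', '.join(hosts)}")
```

Renaming a machine and rejoining the domain does not change this value, so hosts that appear in the same group after a rejoin are still clones of the original image.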
 
cjtraman Commented:
http://www.sysinternals.com/Utilities/NewSid.html

Check if that helps. Ensure you remove the desktop from the domain before imaging.
 
oBdA Commented:
"Did you ever have a Deja Vu, Mrs. Lancaster?" - "I don't think so, but I could check with the kitchen." [Groundhog Day]
 
Yaniv Schiff, Director of Digital Forensics (Author) Commented:
Thanks for your help guys. Turns out I didn't need to go through any of those steps though. After making sure all the machines had different IPs (they didn't), and changing their names and removing them and re-adding them to the domain, everything seems to work again. That sysinternals program is pretty cool though, thanks for the info.
