Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 312
  • Last Modified:

Refreshing SID's in Active Directory 2000

I have 5 machines that are all identical, all Windows XP Professional 64. All were setup using the same ghost image which was take of 1 of the machines. Unfortunately sysprep was not run before taking the image so when all the machines were setup they all had the same name, on the same domain, with the same SIDs. Upon booting up the each machine, i removed it from the domain, changed the name and then rebooted. Then i added it back into the domain. I was under the impression that this would create new SIDs but i don't think it has. We are now getting user errors when trying to login to these machines saying the computer/user has been locked out. I assume this has something to do with duplicate SIDs in Active Directory. Does anyone know how i can resolve this problem? How can i renew the SIDs for each machine?
0
Yaniv Schiff
Asked:
Yaniv Schiff
  • 2
1 Solution
 
oBdACommented:
The only way to get your systems back to a state where you will be able to get MS support if you should ever need it is to re-image them correctly (which means deploying an image that has been syspreped; note the part about "If an image was created without the use of sysprep, Microsoft does not support the running of Sysprep after the image is deployed as a way to bring the computer back into compliance.") If you can live without support, you can just run it on the machines.
The Microsoft policy concerning disk duplication of Windows XP installations
http://support.microsoft.com/?kbid=314828
There's a link in the article to Sysinternal's NewSid, but I don't know if this will run on XP 64 as well (and it doesn't solve the support problem).
Whichever method you chose, unjoin the machines from the domain before you start!
0
 
cjtramanCommented:
http://www.sysinternals.com/Utilities/NewSid.html

check if that helps..Ensure you remove the desktop from domain before imaging.
0
 
oBdACommented:
"Did you ever have a Deja Vu, Mrs. Lancaster?" - "I don't think so, but I could check with the kitchen." [Groundhog Day]
0
 
Yaniv SchiffDirector of Digital Forensics Author Commented:
THanks for your help guys. Turns out i didn't need to go through any of those steps though. After Makings sure all the machines had different IPs (they didn't), and changing their names and removing them and re-adding them to the Domain everything seems to work again. That sysinternals program is pretty cool though, thanks for the info.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now