[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Servers with duplicate SIDs

Posted on 2011-04-21
7
Medium Priority
?
1,001 Views
Last Modified: 2012-05-11
Hi,

I have three Win 2008 R2 production servers, one with SQL, one with SQLRS and one with IIS installed that have ended up with the same SIDs as a trusting domain. I have confirmed this with psgetsid.

I need to, if possible, generate new SIDs for these serves without killing the installed apps.

Is this even possible? Could I take them off the domain, run Ghostwalker , or can I run SysPrep (making sure the generalize box is ticked) to generate new SIDs, and rejoin to the domain without killing the installs?

It's really going to be a major problem if I have to rebuild the servers from scratch. They are VMs so I can take clones/snapshots etc to try things out.

Any advice welcome, thanks
0
Comment
Question by:paulo999
7 Comments
 
LVL 6

Assisted Solution

by:expone
expone earned 300 total points
ID: 35439718
Yes, SysPrep should do the trick and it will leave your installed apps untouched. However, it may ask you to "activate Windows" once you restart the server. It's good that you can test this with your VM snapshot though :-)
0
 
LVL 7

Expert Comment

by:ashutoshsapre
ID: 35439963
Run newsid to change the SID:

http://www.google.co.in/#q=newsid&bih=653&biw=1440&fp=16854814b19b623e&hl=en

Rejoin the servers after reboot.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 200 total points
ID: 35440047
Beware of where you download newsid from!! Microsoft no longer support it and do not have a download link for it.  There are numerous trojon versions of it out there I am led to believe.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 20

Assisted Solution

by:Svet Paperov
Svet Paperov earned 1500 total points
ID: 35440136
NewSID does't work on WS2008. You need to use sysprep; you will not lose applications but you will have to reactivate Windows
0
 

Author Comment

by:paulo999
ID: 35440971
Thanks for the replies. I will clone all machines and try sysprep on the clones.

Will sysprep not kill SQL, IIS, SharePoint etc?
0
 
LVL 20

Accepted Solution

by:
Svet Paperov earned 1500 total points
ID: 35452791
No, it will not. Sysprep do the same as newSID and a little bit more, as resetting the activation status for example.

However, you need to remove the server from the domain before doing sysprep on it and that could cause you some issues with SQL, IIS and SharePoint if you are using domain accounts to run some of these services (as it is suggested in the best practices). You could mitigate that by creating a dummy local account and temporary replacing all domain accounts used on the server with it. Then, ones, you rejoin the cloned servers to the domain you can set the correct domain account again.
0
 

Author Closing Comment

by:paulo999
ID: 35776108
Thanks for the replies. MS has never support newSID, and it doesn't work on W2008, although it works great on XP and W2003

I haven't had chance to try sysprep yet as other commitments have occurred but I will try it out.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question