Servers with duplicate SIDs

Posted on 2011-04-21
Last Modified: 2012-05-11

I have three Win 2008 R2 production servers, one with SQL, one with SQLRS and one with IIS installed that have ended up with the same SIDs as a trusting domain. I have confirmed this with psgetsid.

I need to, if possible, generate new SIDs for these servers without killing the installed apps.

Is this even possible? Could I take them off the domain, run Ghostwalker, or can I run SysPrep (making sure the generalize box is ticked) to generate new SIDs, and rejoin to the domain without killing the installs?

It's really going to be a major problem if I have to rebuild the servers from scratch. They are VMs so I can take clones/snapshots etc to try things out.

Any advice welcome, thanks
Question by:paulo999
    LVL 6

    Assisted Solution

    Yes, SysPrep should do the trick and it will leave your installed apps untouched. However, it may ask you to "activate Windows" once you restart the server. It's good that you can test this with your VM snapshot though :-)
    LVL 7

    Expert Comment

    Run newsid to change the SID:

    Rejoin the servers after reboot.
    LVL 37

    Assisted Solution

    Beware of where you download newsid from!! Microsoft no longer support it and do not have a download link for it. There are numerous trojan versions of it out there I am led to believe.
    LVL 20

    Assisted Solution

    by:Svet Paperov
    NewSID doesn't work on WS2008. You need to use sysprep; you will not lose applications but you will have to reactivate Windows.

    Author Comment

    Thanks for the replies. I will clone all machines and try sysprep on the clones.

    Will sysprep not kill SQL, IIS, SharePoint etc?
    LVL 20

    Accepted Solution

    No, it will not. Sysprep does the same as newSID and a little bit more, such as resetting the activation status, for example.

    However, you need to remove the server from the domain before doing sysprep on it and that could cause you some issues with SQL, IIS and SharePoint if you are using domain accounts to run some of these services (as it is suggested in the best practices). You could mitigate that by creating a dummy local account and temporarily replacing all domain accounts used on the server with it. Then, once you rejoin the cloned servers to the domain, you can set the correct domain account again.
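
An added example, not written by anyone in this thread: a read-only inventory of the services on the local server that log on with a non-local account, which are the ones the accepted answer suggests switching to a temporary local account before the unjoin and sysprep. It uses only PowerShell 2.0 syntax (the version shipped with Windows Server 2008 R2); the function name `Test-DomainServiceAccount` and the CSV file name are hypothetical.

```powershell
# Added example (not from the thread). Read-only: changes nothing on the server.
# Lists services whose logon account would stop resolving once the server
# leaves the domain, and saves the list so the accounts can be restored later.

$computer = $env:COMPUTERNAME

function Test-DomainServiceAccount {
    param([string]$StartName, [string]$ComputerName)

    if ([string]::IsNullOrEmpty($StartName)) { return $false }  # no logon account (drivers)
    if ($StartName -eq 'LocalSystem')        { return $false }  # built-in
    if ($StartName -like 'NT AUTHORITY\*')   { return $false }  # LocalService, NetworkService
    if ($StartName -like 'NT SERVICE\*')     { return $false }  # virtual service accounts
    if ($StartName -like '.\*')              { return $false }  # local account, short form
    if ($StartName -like "$ComputerName\*")  { return $false }  # local account, long form
    return $true                                                # DOMAIN\user or user@domain
}

# Win32_Service.StartName holds the account each service logs on as.
$report = Get-WmiObject -Class Win32_Service |
    Where-Object { Test-DomainServiceAccount $_.StartName $computer } |
    Select-Object Name, DisplayName, StartName, StartMode, State |
    Sort-Object StartName, Name

$report | Format-Table -AutoSize

# Keep a record of the original accounts for the step after the rejoin.
# The file name is a placeholder chosen for this example.
$report | Export-Csv -Path .\service-accounts-before-sysprep.csv -NoTypeInformation
```

This covers Windows services only (including the SQL Server and Reporting Services services); IIS application pool identities and SharePoint managed accounts are configured separately and do not appear in this list.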

    Author Closing Comment

    Thanks for the replies. MS has never supported newSID, and it doesn't work on W2008, although it works great on XP and W2003.

    I haven't had a chance to try sysprep yet as other commitments have occurred but I will try it out.
