Hello Everyone and as always a big thanks to everyone for their time and expert insights.
Kind of a silly question as it has never come up before until Windows 10 and the need for WSUS.
We did not traditionally sysprep desktops since unique identifiers changed enough when joining domain and we did not use WSUS so SID issue was not really applicable.
Never had nay problems with W7, but now need to use WSUS (2016) for W10 and aware of SID problems with it.
I ran a few queries ( ) out of curiosity against W7 computer SIDS and some DC (both 2016 install from ground up, i.e. not a template or clone image) and the SIDS are al different, but only the last two digits and that makes me wonder and worry a bit. Is that normal?
Get-WmiObject -class Win32_UserAccount | Select AccountType, Caption, Domain, SID, FullName, Name | Export-CSV C:\exports\Computerlist.cs
dsquery computer -name "is004109" | dsget computer -SID
Examples in image include 4 x W7 desktops from same image, 4 x W10 desktops from same image and a variety of physical and virtual servers with various roles. Note last 4 digits are different
So does that mean that we do not have a SID duplication issue?
The SID I am displaying was queued from domain bound machines that are in AD!
We do generally not promote machines into a domain before we make an image of them. Servers tend to have the sysprep run with OOBE or are one off servers built from ground up without image.