Change SID

[leco]

During investigation with regard to Group Policies I have discovered that two of my servers (both DCs) have the same SID. I think they should have different ones, if this is the case then how do I change one of them?

[kili]

The only way you would have a duplicate SID is if the machine was cloned. If so you need a sid changer

 

Google is your friend. Search for "Sid Changer"

[AngryTechnician]

All domain controllers in a single domain are supposed to have the same machine SID.

 

The DC SID is determined by the first DC, then all subsequent machines promoted to DC are reassigned that SID. More info here: Should Domain Controllers have the same SID?

[robk]

Not sure how AD would respond to the SID of a machine just changing. How many servers are affected? Could you transfer all the roles to other DCs and demote the two affected ones?

 

These aren`t virtual servers by any chance are they.

[leco]

OK thanks everyone. I've read a blog from Mark Russinovich which talks about the myth of unique SIDs. So I'm content to leave things be.

[p858snake]

OK thanks everyone. I've read a blog from Mark Russinovich which talks about the myth of unique SIDs. So I'm content to leave things be.

That only covers the machine sid, there are other ones for things like wsus, which is why you are are ment to sysprep images.

[leco]

Just for clarity: The two servers are running Windows 2003 and Windows 2008. They are physical machines. They are not cloned, imaged or copied from each other in any way.

[sparkeh]

Just to be clear (and to reiterate what AngryTechnician said but seems to have been missed) all DCs in a domain should have the same machine SID.