Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SIDs on domain controllers 1

Status
Not open for further replies.
Hondy

Hondy

Technical User
Mar 3, 2003
864
0
0
GB
I have 2 domain controllers, I checked the SID on the server before the DCPROMO and after.

The SID as reported by newSID changed and now both DCs show the same SID... is this normal? Is this bad reporting of the SID by newSID (not designed for DC's)

How can I verify that all my machines have different "actual" SIDs and not some bogus "reported" SID?

Thanks
 
Sort by date Sort by votes
Just ignoring the SIDS for one moment, what actual problem are you trying to solve?? What problems are you actually having??

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Upvote 0 Downvote
I was having sysprep issues, or i thought I was. I thought the SIDs were the same on the DC's but it seems that when you promote them they both end up displaying the same SID through newSID.

Argh
 
Upvote 0 Downvote
This MS document explains how to look for duplicate SIDS;


If this does not show any duplicate SIDS then stop worrying about what Newsid shows. If it does show duplicate SIDS then follow the document through. Also then check that your RID master FSMO is online and functioning properly.

Remember though that if you do have duplicate SIDS and you follow the document on how to remove them ALL objects that have the same SID are removed. AD has no way of knowing which object you want to keep so it removes all of them.

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Upvote 0 Downvote
Also look in the event log on the DCs, if you have duplicate SIDS then this will be logged in event viewer.

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Upvote 0 Downvote
where were you yesterday?!!!

Thanks pagy thats exactly what I wanted! have a star :)

For anyone else reading...

from command prompt:
NTDSUTIL
security account management
connect to myDNSserver
check duplicate sid


 
Upvote 0 Downvote
Was newSID not reporting correctly, or do you have a duplicate?


--
The stagehand's axiom: "Never lift what you can drag, never drag what you can roll, never roll what you can leave.
 
Upvote 0 Downvote
newSID was reporting incorrectly. NTDSUTIL showed I was error free.

But don't blame newSID, it does say it shouldn't be ran on DC's - I never "ran" it, just used its power to find the SID which it did but incorrectly.

Running before dcpromo showed one SID, then after running DCPROMO it showed another SID - but it was the same install so...

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
181
goombawaho
goombawaho
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
78
ADB100
ADB100
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
84
DrB0b
DrB0b
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
163
fredmartinmaine
fredmartinmaine
James281
  • Locked
  • Question
Enrolment agent (enrol on behalf of) stopped working
Replies
1
Views
61
mikehook
mikehook

Part and Inventory Search

Sponsor

Back
Top