Admin Tips
- Windows Server 2008/2003/2000/XP/NT Administrator Knowledge Base
  - Windows 2003
    - Admin Tips
      - Active Directory
        Finding and Fixing Duplicate SIDs on the Network

Section(s): Active Directory
Published on Nov 26, 2008.
Last Modified on Nov 26, 2008.
Last Modified by Chris Sanders.
Rated 4 out of 5 based on 1 votes.

Duplicate SIDs on the network can cause all types of problems. Why would we have duplicate SIDs and how to we correct it?

A security identifier (SID) is a unique name that a domain controller assigns to an object in a domain in order to identify it. SIDs are assigned to all sorts of things including user accounts, groups, and computers. Windows takes special care to make sure that these SIDs are unique amongst all objects.

Unfortunately, there are some cases in which duplicate SIDs can exist. One of the more common ways this can happen is in environments that manage desktop computers through imaging. Most enterprise disk imaging software provides the functionality to ensure new SIDs are generated when a disk is cloned (sysprep should also do this), but for various reasons this isn’t always done.

Microsoft has a tool that can be used to find these duplicate SIDs and generate new ones. This tool is cleverly named newsid.exe and can be downloaded here: http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx.

Duplicate SIDs can cause all sorts of problems from preventing network applications from running correctly to rendering WSUS useless. If you suspect you have duplicate SIDs floating around your network, this tool should do the trick!

About Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.