SIDS, Images and Trusts

Discussion in 'Windows Server 2003 / 2008 / 2012 / 2016' started by Clyde, Jan 12, 2007.

  1. Clyde

    Clyde Megabyte Poster

    558
    15
    62
    OK folks, thought I'd share this little 'issue' I just had. To date I've had access to enough h/w to build whatever systems I wanted but since I've changed countries and jobs thats not the case anymore!

    So, on my brand spanking new vmware home lab I created an image of server 2003, then copied it a few times, booted each copy, authorised and renamed it, set the ip etc etc...

    cool, 3 copies of server 2003. So.. what's the problem.. well, I set up 2 forests and was playing with trusts. I was attempting to create a cross forest trust but kept getting an error - trust relationship cannot be created. operation can not be performed on the current domain

    DNS checked out and I couldn't figure it...

    Anyhow, for those of you making and using images, the answer was simple (in the end)

    Each copy of Server 2003 had the SAME SID!!

    The answer - there's a nifty utility on sysinternals to rename sids - just run it BEFORE you install AD!

    here it is for reference.
    http://www.sysinternals.com/Files/NewSid.zip

    BTW I got the solution from experts-exchange
     
    Certifications: A+, Network+, Security+, MCSA, MCSE
    WIP: MCITP
  2. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Clyde,

    Thanks for sharing the answer with us.

    I was looking for that same tool around the time that the developer behind sysinternals went to work for Microsoft, so when it wasn't obvious I assumed it was something they removed.
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  3. Clyde

    Clyde Megabyte Poster

    558
    15
    62
    glad to be of service!
     
    Certifications: A+, Network+, Security+, MCSA, MCSE
    WIP: MCITP
  4. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    Cool Clyde, just goes to highlight the problems of using cloned images and duplicating SIDs.

    Now maybe if you had used Sysprep :dry
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  5. Clyde

    Clyde Megabyte Poster

    558
    15
    62
    it was a lot quicker to go cut and paste than to run sysprep and create an answer file... it's still easier to run the sid generator than run sysprep come to think of it!

    But I hear ya.. sysprep would be the 'proper' way to do it.. but I wasn't thinking...
     
    Certifications: A+, Network+, Security+, MCSA, MCSE
    WIP: MCITP
  6. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,878
    181
    256
    It's still good to know that you can recover from this problem *after* configuring all your servers, with that neat bit of software Newsid!
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.