Server SIDs and cloning.

Am I correct in saying that, in a domain environment, you don't have to sysprep cloned Win2003 VMs for them to work properly?

My vanilla server image is in a workgroup. I then clone it, change its name and then join the domain. Is this all I have to do? Or do I have to faff around with newsid or sysprep?

cheers
 
Cheers, I kinda guessed you didn't, as I've created 6 now and they all joined the domain fine with no error events etc. I was just checking, as I don't want to hand these over to the owners and then have them shouting at me when they don't work.
 
I'm just presuming it works, as they have joined the domain fine, I can log in using a domain account, and WSUS picks them up (this was always flaky with cloned machines).

I'd get errors if the SIDs were the same wouldn't I?
 
From wiki

"Now the truth is that when the computers are joined into a domain (Active Directory or NT domain for instance), each computer has a unique Domain SID which is recomputed each time a computer enters a domain. Thus there are usually no real problems with Duplicated SIDs when the computers are members of a domain, especially if local user accounts are not used. If local user accounts are used, there is a potential security issue that is the same as the one described above when the computers are members of a Workgroup but that affects only the files and resources protected by local users, not by domain users"

OK, well I ran newsid on all the machines I cloned, and they do have the same SID still, even after being cloned from a workgroup server, renaming and joining the domain. I guess the Domain SID is somewhere else.

I'll randomly change these SIDs anyway, as it can't do any harm, huh... (or will I have to leave/join the domain again once I do it?)
 
Then it's a pain to keep your base image up to date with hotfixes, as every time you start it to update it, it'll go through the sysprep process.

What I'll do from now on is just clone the machine, and before I do anything else on it, I'll newsid it. Not that it really matters anyway, as the Domain SID overrides the local SID in all things AD-wise.

I've found out since asking the initial question here that we have LOTS of servers in our domain, made by people before me, that have the same SID, and they have been working fine for years.
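An added example, not from this thread or any poster: a PowerShell check for exactly what the posts above describe, showing each server's local machine SID (identical on clones that were never re-SIDed) beside the domain computer-account SID that AD issues per host at join time. It assumes PowerShell 5.1+, WinRM enabled on the targets, a reachable domain controller, and the placeholder host names srv01..srv03.

```powershell
# Added example (not from this thread): compare local machine SIDs and domain
# computer-account SIDs across cloned servers. Assumptions: PowerShell 5.1+,
# WinRM enabled on the targets, and a reachable domain controller.

function Get-SidReport {
    # Runs on each target; returns its local machine SID and its domain SID.
    # Every local account SID has the form <machine SID>-<RID>; .NET exposes
    # the <machine SID> part as AccountDomainSid, so no string slicing is needed.
    $localAccount = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*' } | Select-Object -First 1
    $machineSid = ([System.Security.Principal.SecurityIdentifier]$localAccount.SID).AccountDomainSid.Value

    # The domain computer account is DOMAIN\HOSTNAME$; translating it asks a DC
    # for the SID AD assigned at join time (the one AD actually works with).
    # Assumption: the DNS domain name from Win32_ComputerSystem is accepted here.
    $domainName = (Get-CimInstance Win32_ComputerSystem).Domain
    $computerAccount = New-Object System.Security.Principal.NTAccount($domainName, "$env:COMPUTERNAME`$")
    $domainSid = $computerAccount.Translate([System.Security.Principal.SecurityIdentifier]).Value

    [pscustomobject]@{ Host = $env:COMPUTERNAME; MachineSid = $machineSid; DomainSid = $domainSid }
}

function Find-DuplicateMachineSids {
    # Groups reports by local machine SID and returns the groups shared by more
    # than one host, i.e. clones that were never re-SIDed.
    param([Parameter(Mandatory)][object[]]$Reports)
    $Reports | Group-Object MachineSid | Where-Object Count -gt 1 | ForEach-Object {
        [pscustomobject]@{ MachineSid = $_.Name; Hosts = ($_.Group.Host -join ', ') }
    }
}

# Usage: collect a report from each cloned server over WinRM, then look for
# duplicates. Domain SIDs differ per host even when the machine SIDs collide.
$targets = 'srv01', 'srv02', 'srv03'   # placeholder host names
$reports = Invoke-Command -ComputerName $targets -ScriptBlock ${function:Get-SidReport}
$reports | Format-Table Host, MachineSid, DomainSid
Find-DuplicateMachineSids -Reports $reports | Format-Table
```

Hosts listed in the duplicate table share local-account security identity (the workgroup-era issue the wiki quote mentions); an empty table means every clone has its own machine SID.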
 