Home > IT Answers > Windows Server > Change SID of an Object in AD
Loganoop
20 pts.
 Change SID of an Object in AD
Active Directory, Windows Security
Hi Can we the change the SID of an object ? When should we do it & how to changed the SID of an object in Active Directory environment. Thanks in advanced.

Software/Hardware used:
ASKED: December 28, 2007  9:43 AM
UPDATED: January 3, 2008  5:10 AM
RELATED QUESTIONS
Answer Wiki:
You shouldn't ever need to change the SID of an object within AD. Why are you trying to change the SID? I have done this numerous times. When deploying machines from an image that wasn't created from sysprep, also virtual machines created from base image. MS/sysinternals has a tool called NEWSID <a href="http://technet.microsoft.com/en-us/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9.aspx ">link</a>
Last Wiki Answer Submitted:  December 31, 2007  2:20 pm  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

I am not sure what your reasons are for wanting to change the SID of an object, outside of those already stated by Spadasoe and Mrdenny, except in the case of a migration when you may wish to preserve SID History. In this case, you would be adding or the previous SID in order for an object to retain access to resources without having to re-ACL them.

Microsoft article on SID History http://technet2.microsoft.com/WindowsServer/en/Library/6aef68d1-3479-4713-94be-38f8fd02919e1033.mspx

Wrobinson
 5,610 pts.