Duplicate SIDs in Active Directory

There doesn’t seem to be very much agreement on the problems, or even on whether duplicate SIDs are a problem within Active Directory. I’ve been reading other blogs, and some say that it’s only a problem within workgroups and that with Active Directory there is nothing to worry about. Within AD I have seen duplicate SIDs cause machines not to correctly join the domain, and problems connecting to network resources. It only takes a few minutes to run Sysprep, so I chose to err on the side of caution.

The best way to prevent duplicate SIDs is to Sysprep systems before cloning them. Microsoft will only offer support for images that have been Sysprepped. Sysprep will remove the SID from the reference computer and set the image back to the OOBE (“Out of Box Experience”), but the image will retain the configuration changes and application installs made on the reference computer.

Image building instructions including sysprep to remove the SID:

http://www.shudnow.net/2008/05/05/unattended-server-2008-base-image-creation-using-wsimsysprep/

Note that Sysprep resets other machine-specific state that, if duplicated, can cause problems for certain applications like Windows Server Update Services (WSUS), so Microsoft’s support policy will still require cloned systems to be made unique with Sysprep.
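
One way to check a fleet for machines that were cloned without Sysprep, as an added example that is not part of the original post: a local account's SID is the machine SID followed by a RID, so machines whose local accounts share the same prefix share a machine SID. The inventory, computer names and SID values below are constructed, and the function names are hypothetical.

```powershell
# Added example. On a live machine the local account SID can be collected with:
#   (Get-LocalUser | Select-Object -First 1).SID.Value
# Use a LOCAL account; domain accounts carry the domain SID, not the machine SID.

function Get-MachineSidFromAccountSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    # Local account SIDs look like S-1-5-21-<a>-<b>-<c>-<RID>; drop the RID.
    if ($AccountSid -notmatch '^(S-1-5-21-\d+-\d+-\d+)-\d+$') {
        throw "Not a local account SID: $AccountSid"
    }
    $Matches[1]
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        ForEach-Object {
            [pscustomobject]@{
                Computer   = $_.Computer
                MachineSid = Get-MachineSidFromAccountSid $_.LocalAccountSid
            }
        } |
        Group-Object MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

# Constructed inventory: WS-002 and WS-003 were cloned from the same
# un-Sysprepped image, so their built-in Administrator SIDs share a prefix.
$inventory = @(
    [pscustomobject]@{ Computer = 'WS-001'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ Computer = 'WS-002'; LocalAccountSid = 'S-1-5-21-1234567890-1234567890-1234567890-500' }
    [pscustomobject]@{ Computer = 'WS-003'; LocalAccountSid = 'S-1-5-21-1234567890-1234567890-1234567890-500' }
)

# Reports one row: the shared machine SID with "WS-002, WS-003".
Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize
```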
