Finding and Fixing Duplicate SIDs on the Network

by Chris Sanders [Published on 26 Nov. 2008 / Last Updated on 26 Nov. 2008]

Duplicate SIDs on the network can cause all types of problems. Why would we have duplicate SIDs, and how do we correct them?

A security identifier (SID) is a unique name that a domain controller assigns to an object in a domain in order to identify it. SIDs are assigned to all sorts of things including user accounts, groups, and computers. Windows takes special care to make sure that these SIDs are unique amongst all objects.

Unfortunately, there are some cases in which duplicate SIDs can exist. One of the more common ways this can happen is in environments that manage desktop computers through imaging. Most enterprise disk imaging software provides the functionality to ensure new SIDs are generated when a disk is cloned (sysprep should also do this), but for various reasons this isn’t always done.

Microsoft has a tool that can be used to find these duplicate SIDs and generate new ones. This tool is cleverly named newsid.exe and can be downloaded here:

Duplicate SIDs can cause all sorts of problems from preventing network applications from running correctly to rendering WSUS useless. If you suspect you have duplicate SIDs floating around your network, this tool should do the trick!
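One way to confirm that suspicion before regenerating anything, shown as an added example that is not part of the original article or of Microsoft's tool: strip the trailing relative ID from one local account SID per host to get the machine SID, then group hosts by that value. The function names, the inventory field names (ComputerName, LocalAccountSid) and the sample hosts and SIDs are assumptions constructed for illustration.

```powershell
# Added example: group hosts by machine SID and report any SID seen more than once.
# Assumes one LOCAL account SID per host was collected beforehand; a domain
# account would carry the domain's SID prefix and must not be used here.

function Get-MachineSid {
    param([Parameter(Mandatory)][string]$AccountSid)
    # Local account SID = machine SID + trailing relative ID (RID):
    #   S-1-5-21-<a>-<b>-<c>-<RID>
    if ($AccountSid -notmatch '^S-1-5-21-\d+-\d+-\d+-\d+$') {
        throw "Unexpected SID format: $AccountSid"
    }
    # Drop the RID to leave the machine SID.
    return $AccountSid.Substring(0, $AccountSid.LastIndexOf('-'))
}

function Find-DuplicateMachineSid {
    param([Parameter(Mandatory)][object[]]$Inventory)
    $Inventory |
        ForEach-Object {
            [pscustomobject]@{
                ComputerName = $_.ComputerName
                MachineSid   = Get-MachineSid -AccountSid $_.LocalAccountSid
            }
        } |
        Group-Object -Property MachineSid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.ComputerName | Sort-Object) -join ', '
            }
        }
}

# Constructed sample inventory (hostnames and SIDs are made up).
# RID 500 is the built-in Administrator account; DESK-04 uses a different
# local account to show that the RID does not affect the comparison.
$inventory = @(
    [pscustomobject]@{ ComputerName = 'DESK-01'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ ComputerName = 'DESK-02'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-500' }
    [pscustomobject]@{ ComputerName = 'DESK-03'; LocalAccountSid = 'S-1-5-21-4444444444-5555555555-6666666666-500' }
    [pscustomobject]@{ ComputerName = 'DESK-04'; LocalAccountSid = 'S-1-5-21-1111111111-2222222222-3333333333-1001' }
)

Find-DuplicateMachineSid -Inventory $inventory | Format-List
```

Hosts listed together in the output were most likely deployed from the same image without a new SID being generated.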

The Author — Chris Sanders

Chris Sanders is a network security analyst for EWA Government Systems Inc. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.

