Re: Duplicate SIDs

Hyena is displaying the information returned by Windows. Why is this different from the other utility? We have no way of knowing.

Re: Duplicate SIDs

Let me know what function or method you are using in Hyena to get the SID information and I can maybe explain what you are seeing.

Thanks

Re: Duplicate SIDs

Running running an ExportPro report selecting objectSID

Re: Duplicate SIDs

If these computers are domain controllers, I assume you know that their SIDs would be identical. But you are probably wanting to get the SIDs of computers or non-DC servers, and the way M$ and AD works is a bit strange.

When you install Windows on a computer, it is assigned a unique SID as part of the installation process. Local users and groups created on this computer will be assigned this same SID, plus a unique number called a RID. So if you look at the SID of the local administrators account on a computer, the first portion of the SID (minus the RID part) will be the computer's SID. All this happens completely independent of Active Directory.

Active Directory confuses things by creating SIDs for user, groups, and computers which are considered 'security objects'. The 'objectsid' directory attribute is the domain's SID, plus the RID value. For any given domain, you can compare the SID values for a computer, user, or group and find that they are identical except for the last portion, the RID.

This question comes up from time-to-time when people compare the output of PsGetSid to Hyena's AD displays and want to know where it comes from. Basically, one is a local SID the other is a unique value assigned in AD to identify the object.

The easiest way to get a list of SIDs for each computer is to run an Exporter Pro export of the local computer users and look at the admin account's SID, or download psgetsid from sysinternals.com