Thursday, December 25, 2008

Find and Clean Up Duplicate Security Identifiers with Ntdsutil in Windows Server 2003

This article describes how to check for and clean up or remove duplicate security identifiers (SIDs) in the SAM database.

Start Ntdsutil

To start Ntdsutil:
1. Click Start, and then click Run.
2. In the Open box, type ntdsutil, and then press ENTER. To access Help at any time, type ? at the command prompt, and then press ENTER.

Look for a Duplicate SID

1. At the Ntdsutil command prompt, type security account management, and then press ENTER.
2. At the Security Account Maintenance command prompt, type connect to server DNSNameOfServer, and then press ENTER. Connect to the server that stores your SAM database.
3. At the Security Account Maintenance command prompt, type check duplicate sid, and then press ENTER. A display of duplicates appears.

Clean Up a Duplicate SID

1. At the Ntdsutil command prompt, type security account management, and then press ENTER.
2. At the Security Account Maintenance command prompt, type connect to server DNSNameOfServer, and then press ENTER. Connect to the server that stores your SAM database.
3. At the Security Account Maintenance command prompt, type cleanup duplicate sid, and then press ENTER. Ntdsutil confirms the removal of the duplicate.
4. At the Security Account Maintenance command prompt, type q, and then press ENTER.
5. When you are finished with Ntdsutil, type q, and then press ENTER.
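The check steps above can also be run non-interactively so that the result is saved for review before anyone runs cleanup duplicate sid. The following PowerShell wrapper is an added example, not part of the original article or of Microsoft's documentation. It assumes PowerShell 2.0 or later, that Ntdsutil writes its duplicate-SID log under the default name dupsid.log in the current directory, and it uses the hypothetical function name Invoke-DuplicateSidCheck and the placeholder server name dc01.example.com.

```powershell
# Added example: read-only duplicate SID check. It never runs "cleanup duplicate sid".
function Invoke-DuplicateSidCheck {
    param(
        [Parameter(Mandatory = $true)][string]$Server,               # DNS name of the server
        [string]$WorkDir = (Join-Path $env:TEMP 'dupsid-check')      # where the log will land
    )

    # Assumption: Ntdsutil writes dupsid.log to the current directory,
    # so run it from a dedicated folder.
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    Push-Location $WorkDir
    try {
        # Each quoted argument is one line that would be typed at the
        # interactive prompt, in the same order as the manual steps.
        $output = & ntdsutil.exe 'security account management' `
            "connect to server $Server" `
            'check duplicate sid' `
            'q' 'q' 2>&1
        $exitCode = $LASTEXITCODE

        # Keep a timestamped copy so repeated checks do not overwrite each other.
        $log = Join-Path $WorkDir 'dupsid.log'
        $archived = $null
        if (Test-Path $log) {
            $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
            $archived = Join-Path $WorkDir "dupsid-$stamp.log"
            Copy-Item -Path $log -Destination $archived
        }

        # Return everything needed to decide whether cleanup is warranted.
        New-Object PSObject -Property @{
            Server   = $Server
            ExitCode = $exitCode
            Console  = ($output | Out-String)
            LogPath  = $archived
        }
    }
    finally {
        Pop-Location
    }
}

# Example call (placeholder server name):
# $result = Invoke-DuplicateSidCheck -Server 'dc01.example.com'
# $result.Console; if ($result.LogPath) { Get-Content $result.LogPath }
```

Review the console output and the archived log, then run the cleanup steps interactively only if duplicates are listed.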

Further reference: http://support.microsoft.com/kb/816099
