Ask the Expert

Exactly how is a SID created?

Exactly how is a SID created? In particular, what keeps one PC from creating a local SID that another PC hasn?t also picked?
A SID, that unique number that identifies a user account on a Windows system, is created when the account is created. The reason it will not be the same as another user account's SID on another machine, is that each machine receives its own special machine SID, and the use SID is partially a machine identifier and a unique user ID. In a Windows domain, every domain user account consists of a domain ID, and a unique user ID. In a Windows forest, one more step is added, the unique identifier or Relative ID (RID) numbers are controlled by a master function, the RID Master, so that no two domains will share RIDs.

The question does remain, why isn't it possible that the computer or domain ID might be repeated? This number is calculated when the computer is installed and uses unique information in the calculation to ensure that the number is unique. Of course, there is no 100% guarantee, but the algorithm has been evaluated by those more mathematically knowledgeable than me, and they seem satisfied. You should also understand that some older server mirroring/cloning technologies did not change the SID, and we did see the problem you are envisioning -- duplicate SIDS, when people used them to create multiple clones of a single install.

This was first published in December 2003

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: