Exactly how is a SID created?
Exactly how is a SID created? In particular, what keeps one PC from creating a local SID that another PC hasn?t also picked?
A SID, that unique number that identifies a user account on a Windows system, is created when the account is created. The reason it will not be the same as another user account's SID on another machine, is that each machine receives its own special machine SID, and the use SID is partially a machine identifier and a unique user ID. In a Windows domain, every domain user account consists of a domain ID, and a unique user ID. In a Windows forest, one more step is added, the unique identifier or Relative ID (RID) numbers are controlled by a master function, the RID Master, so that no two domains will share RIDs.
The question does remain, why isn't it possible that the computer or domain ID might be repeated? This number is calculated when the computer is installed and uses unique information in the calculation to ensure that the number is unique. Of course, there is no 100% guarantee, but the algorithm has been evaluated by those more mathematically knowledgeable than me, and they seem satisfied. You should also understand that some older server mirroring/cloning technologies did not change the SID, and we did see the problem you are envisioning -- duplicate SIDS, when people used them to create multiple clones of a single install.
This was first published in December 2003