
What to do if instances cannot access or join the same AD domain

Last Updated: Nov 24, 2025

This topic describes how to resolve issues that occur when multiple instances cannot access or join the same Active Directory domain.

Problem description

After you create multiple Elastic Compute Service (ECS) instances from the same Windows Server image, the instances cannot access or join the same Active Directory (AD) domain.

Cause

ECS instances created from the same Windows Server image have the same security identifier (SID). This prevents them from accessing the same AD domain. You must modify the SID of each instance before you set up the domain environment.

Solutions

Create Windows instances with unique SIDs

Use the latest public image to create instances. This issue is resolved in the latest public images.

Create a custom image

  1. Follow Steps 1 to 7 in the Modify the SID of a Windows instance section.

  2. Run the following command to execute the script.

    .\AutoSysprep.ps1 -PostAction "shutdown"
  3. Create a custom image. For more information, see Create a custom image from an instance. You can then create instances based on this custom image.

Modify the SID of a Windows instance

Windows has a built-in sysprep command that removes specific system information, including the SID, from an installed Windows image. This topic uses the PowerShell script file AutoSysprep.ps1 to run the sysprep command and modify the SID of a Windows instance. Note that the sysprep command resets the user profile to its default value. Any files on the desktop are deleted after you run the sysprep command. If you want the script to be automatically deleted after it resolves the issue, place the script file on the desktop before you run it.

Procedure

  1. Create a snapshot of the system disk of the instance to prevent data loss.

    For more information, see Create a snapshot.

  2. Remotely connect to the ECS instance.

    For more information, see Connect to a Windows instance using Workbench.

  3. Log on to the system terminal and run the powershell command to enter PowerShell interactive mode.

    Note

    You must run the powershell command as an administrator.

  4. Switch to the root directory of the C drive.

    cd\
  5. View the system SID.

    whoami /user
  6. Download the AutoSysprep script tool and upload it to the C drive of the instance.

  7. Go to the directory where the AutoSysprep.ps1 script is located and run the following command to view its instructions.

    .\AutoSysprep.ps1 -help
  8. Execute the script.

    # Replace <$Password> with the password to set; single quotes stop PowerShell from expanding $ or ` in it.
    .\AutoSysprep.ps1 -SkipRearm -Password '<$Password>' -PostAction "reboot"
  9. Wait for a moment and then log on to the instance again. Run the following command to confirm that the system SID has changed. You can then use the ECS instance to set up an AD domain environment.

    whoami /user
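
To make the before/after comparison in steps 5 and 9 explicit, the following added example (not part of the AutoSysprep tool or the original procedure) derives the machine SID from the logged-on account's SID and compares it with a value saved before sysprep. It assumes you are logged on with a local account on an instance that is not yet joined to a domain; the state file path `C:\sid-before.txt` and the function name are hypothetical.

```powershell
# Added example: confirm that AutoSysprep.ps1 actually changed the machine SID.
# Assumed state file; kept in C:\ because sysprep resets the user profile.
$StateFile = 'C:\sid-before.txt'

function Get-MachineSidFromUserSid {
    param([Parameter(Mandatory = $true)][string]$UserSid)
    # A local account SID is the machine SID plus a trailing relative ID (RID).
    $sid = New-Object System.Security.Principal.SecurityIdentifier($UserSid)
    if ($null -eq $sid.AccountDomainSid) {
        throw "Not an account SID: $UserSid"
    }
    return $sid.AccountDomainSid.Value
}

# Constructed sample SIDs: local Administrator (RID 500) on one clone and a
# local user (RID 1001) on another clone of the same image.
$cloneA = Get-MachineSidFromUserSid 'S-1-5-21-1111111111-2222222222-3333333333-500'
$cloneB = Get-MachineSidFromUserSid 'S-1-5-21-1111111111-2222222222-3333333333-1001'
"Sample clones share a machine SID: $($cloneA -eq $cloneB)"

# Live check: same SID that 'whoami /user' prints, with the RID removed.
$userSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$current = Get-MachineSidFromUserSid $userSid

if (-not (Test-Path $StateFile)) {
    # First run (before AutoSysprep.ps1): remember the current machine SID.
    Set-Content -Path $StateFile -Value $current
    "Saved machine SID $current. Run AutoSysprep.ps1, then run this script again."
} else {
    # Second run (after the reboot): compare with the saved value.
    $before = (Get-Content $StateFile | Select-Object -First 1).Trim()
    if ($before -eq $current) {
        Write-Warning "Machine SID is unchanged ($current). Do not join the domain yet."
    } else {
        "Machine SID changed: $before -> $current"
        Remove-Item $StateFile
    }
}
```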

More information

Parameters

The parameters for the AutoSysprep.ps1 script are described below:

  • -SkipRearm: Keeps the current license state of the Windows operating system. If you do not include this parameter, AutoSysprep restores the Windows instance to its original license state.

  • -Password: Resets the password for the instance. The password must meet the following requirements:

    • The password must be 8 to 30 characters in length and cannot start with a forward slash (/).

    • The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. The allowed special characters are:

      ( ) ` ~ ! @ # $ % ^ & - _ + = | { } [ ] : ; ' < > , . ? /
    • The default value for the -Password parameter is randomly generated by AutoSysprep.

    Note

    If you forget to set a password, you can reset it in the ECS console after you modify the system SID.

  • -Hostname: Resets the hostname for the instance. The hostname has the following limitations:

    • The hostname must be 2 to 15 characters in length. It cannot contain periods (.) or consist entirely of digits.

    • The hostname can contain uppercase letters, lowercase letters, digits, and hyphens (-).

    • The hostname cannot start or end with a period (.) or a hyphen (-). Consecutive periods or hyphens are not allowed.

    • The default value for the -Hostname parameter is randomly generated by AutoSysprep.

  • -PostAction: The operation to perform after the script runs. The valid values are:

    • shutdown: The default value. Stops the instance after the SID is modified.

    • reboot: Restarts the instance after the SID is modified.

    • quit: Remains in the instance after the SID is modified.

  • -help: Displays the description of the script and the custom parameters for AutoSysprep.ps1.
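
The -Password and -Hostname rules above can be checked before the script is run, so that a rejected value is caught before sysprep starts. The following is an added example, not part of AutoSysprep.ps1; the function names are hypothetical, the sample values are constructed, and the apostrophe in the special-character list is taken to be the ASCII character.

```powershell
# Added example: pre-check -Password and -Hostname values against the rules above.
function Test-AutoSysprepPassword {
    param([Parameter(Mandatory = $true)][string]$Password)
    # Allowed special characters as listed on this page ('' is an escaped ').
    $special = '()`~!@#$%^&-_+=|{}[]:;''<>,.?/'
    if ($Password.Length -lt 8 -or $Password.Length -gt 30) { return $false }
    if ($Password.StartsWith('/')) { return $false }
    $upper = $false; $lower = $false; $digit = $false; $other = $false
    foreach ($ch in $Password.ToCharArray()) {
        $s = [string]$ch
        if     ($s -cmatch '^[A-Z]$')  { $upper = $true }
        elseif ($s -cmatch '^[a-z]$')  { $lower = $true }
        elseif ($s -cmatch '^[0-9]$')  { $digit = $true }
        elseif ($special.Contains($s)) { $other = $true }
        else   { return $false }   # character outside every allowed class
    }
    # At least three of the four character types must be present.
    $classes = @($upper, $lower, $digit, $other | Where-Object { $_ }).Count
    return ($classes -ge 3)
}

function Test-AutoSysprepHostname {
    param([Parameter(Mandatory = $true)][string]$Hostname)
    if ($Hostname.Length -lt 2 -or $Hostname.Length -gt 15) { return $false }
    # Letters, digits and hyphens only; this also rejects periods.
    if ($Hostname -notmatch '^[A-Za-z0-9-]+$') { return $false }
    if ($Hostname -match '^[0-9]+$') { return $false }    # all digits
    if ($Hostname -match '^-|-$|--') { return $false }    # edge or doubled hyphen
    return $true
}

# Constructed sample values, not real credentials or hosts.
foreach ($p in 'Xk7!pl9Qa', '/Abc123!x', 'alllowercase1', 'Ab1 space!') {
    '{0,-14} password ok: {1}' -f $p, (Test-AutoSysprepPassword $p)
}
foreach ($h in 'web-01', '12345', '-web', 'web--01', 'a.b') {
    '{0,-14} hostname ok: {1}' -f $h, (Test-AutoSysprepHostname $h)
}
```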

Error when viewing script instructions on Windows Server 2008

Symptom

You run the following command to view the script instructions.

.\AutoSysprep.ps1 -help

Solution

Run the following command to grant the required permission.

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

'Not digitally signed' error when running the script on Windows Server 2008

Symptom

You run the following command to execute the script.

 .\AutoSysprep.ps1 -skiprearm -postaction "reboot"

Solution

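Run the following command to execute the script. The -executionpolicy bypass option applies only to this PowerShell process and does not change the execution policy configured on the instance.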

powershell -executionpolicy bypass -file c:\AutoSysprep.ps1 -skiprearm -postaction "reboot"
Note

If you do not have specific requirements, AutoSysprep randomly generates a password and a hostname.