This topic describes how to resolve the issue that Elastic Compute Service (ECS) instances cannot access the Active Directory (AD) domains of each other or instances cannot be added to the same AD domain at the same time.
Problem description
After you use the same Windows Server image to create multiple ECS instances, the instances cannot access the AD domains of each other or cannot be added to the same AD domain at the same time.
Cause
Instances that use the same Windows Server image have the same security identifier (SID). Therefore, the instances cannot access the AD domains of each other. You must change the SID of the instances and then build a domain environment.
Solutions
Create multiple Windows instances that have different SIDs at a time
The issue is fixed in the latest public images. Use a latest public image to create instances at a time. The instances have different SIDs.
Change the SID of a Windows instance
The built-in sysprep command in Windows can be run to remove specific system information from images used by Windows instances, including SIDs. In this example, the AutoSysprep.ps1 script file of PowerShell is used to change the SID of a Windows instance by running the built-in sysprep command. Note that the sysprep command restores User Profile to the default value. After the sysprep command is run, the files created on the desktop are deleted. If you want the script to be automatically deleted after the issue is resolved, place the AutoSysprep.ps1 script file on the desktop and execute the script.
Procedure
Create a snapshot for the system disk of the instance to prevent data loss.
For more information, see Create a snapshot of a disk.
Connect to the instance.
For more information, see Connect to a Windows instance by using a password or key.
Start Command Prompt and run the
powershellcommand to enter the PowerShell interactive mode.NoteYou must run the
powershellcommands as an administrator.Run the following command to switch to the root directory of the C drive:
cd\Run the following command to view the SID of the instance:
whoami /userA command output that is similar to the following one is displayed.
Click AutoSysprep to download the AutoSysprep script tool and upload the tool to the C drive of the Windows operating system.
Go to the directory where the
AutoSysprep.ps1script tool is located and run the following command to view the description of the script tool:.\AutoSysprep.ps1 -helpA command output that is similar to the following one is displayed. For information about the parameters, see More information.
Run the following command to run the script:
.\AutoSysprep.ps1 -SkipRearm -Password "<$Password>" -PostAction "reboot"Note<$Password>specifies the password for the instance.Wait for a while and log on to the instance again.
NoteIf the instance resides in the classic network, you must use a Virtual Network Computing (VNC) management terminal to connect to the instance. For more information, see Connect to a Windows instance by using a password.
Run the following command to confirm that the SID of the instance is changed. Then, you can use the instance to build an AD domain environment.
whoami /user
More information
Parameter description
The following section describes the parameters of theAutoSysprep.ps1 script tool:
-SkipRearm: retains the Window operating system in the current licensing state. If you do not specify this parameter, AutoSysprep restores the Windows operating system to the original licensing state.
-Password: resets the password for the instance. The password must meet the following requirements:
The password must be 8 to 30 characters in length and cannot start with a forward slash (/).
The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Special characters include:
( ) ` ~ ! @ # $ % ^ & - _ + = | { } [ ] : ; ’ < > , . ? /The value of the
-Passwordparameter is randomly generated by AutoSysprep.
NoteIf you forget to set the password, you can reset the password in the ECS console after the instance SID is changed.
-Hostname: resets the hostname for the instance. The hostname must meet the following requirements:
The hostname must be 2 to 15 characters in length and cannot contain periods (.) and cannot be composed of only digits.
It can contain letters, digits, and hyphens (-).
The hostname cannot start or end with a period (.) or hyphen (-). It cannot contain consecutive periods (.) or hyphens (-).
The value of the
-Hostnameparameter is randomly generated by AutoSysprep.
-PostAction: specifies what operation to perform after the script is run. Options:
shutdown: the default option. The instance is stopped after the SID of the instance is changed.
reboot: The instance is restarted after the SID of the instance is changed.
quit: The original SID of the instance remains in the instance after the SID is changed.
-help: views the introduction of the script tool and the description of the parameters in the AutoSysprep.ps1 script.
An error occurred when you view the description of the script in Windows Server 2008
Problem description
Run the following command to view the script description:
.\AutoSysprep.ps1 -helpA command output that is similar to the following one is displayed.
Solution
Run the following command to modify the execution policy of PowerShell on the Windows operating system:
Set-ExecutionPolicy -ExecutionPolicy RemoteSignedNo digital signature is generated when the script is run on Windows Server 2008
Problem description
Run the following command to run the script:
.\AutoSysprep.ps1 -skiprearm -postaction "reboot"A command output that is similar to the following one is displayed.
Solution
Run the following command to run the script:
powershell -executionpolicy bypass -file c:\AutoSysprep.ps1 -skiprearm -postaction "reboot"If you have no special requirements, AutoSysprep randomly generates the password and hostname.