
Modify the system ID (SID) of a Windows instance

Last Updated: Apr 03, 2020

Disclaimer: this document may contain information about third-party products that are for reference only. Alibaba Cloud does not make any guarantee, express or implied, with respect to the performance and reliability of third-party products, as well as potential impacts of operations on the products.

 

Problem Description

When you create ECS instances from the same Windows Server image, the instances cannot access each other or join the AD domain at the same time.

 

Cause of problem

Instances created from the same Windows Server image have the same computer security identifier (SID), so the instances cannot access the AD domain. In this case, you need to modify the instance SID and then create the domain environment.

 

Solution

Alibaba Cloud reminds you that:

  • Before you perform risky operations on an instance or its data, pay attention to the disaster tolerance and fault tolerance capabilities of the instance to ensure data security.
  • If you modify the configuration and data of an instance (including but not limited to ECS and RDS), we recommend that you create snapshots or enable RDS log backup.
  • If you have granted permissions on the Alibaba Cloud platform or submitted security information such as the logon account and password, we recommend that you modify the information as soon as possible.

 

Modify the system ID (SID) of a Windows instance

The sysprep command built into Windows removes system-specific information, including the SID, from an installed Windows image. This article uses the PowerShell script AutoSysprep.ps1, which calls the built-in sysprep command, to modify the SID of a Windows instance. Note that the sysprep command restores the user profile to its default state, so files created on the desktop are deleted after the command runs. If you want the script to be deleted automatically after the problem is fixed, place the script file on the desktop and run it from there.

  1. Create a snapshot for the system disk of the instance as a safeguard against unexpected system crashes. For more information about how to create a snapshot, see create a snapshot.
  2. Log on to the instance. For more information about how to log on to an instance, see connect to a Windows instance from a local client.
  3. Open the system terminal and run the powershell command to enter the PowerShell interactive mode.
    Tips: the powershell command must be run as an administrator.

  4. Run the cd \ command to switch to the root directory of drive C.
  5. Run the following command to view the system SID:
    whoami /user
    A similar output is displayed.

  6. Use the following link to download the AutoSysprep script and upload it to the C drive of the instance.
    http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/assets/attach/40846/cn_zh/1542198598487/AutoSysprep.ps1
  7. Go to the directory where the AutoSysprep.ps1 script tool is located, and run the following command to view the script tool description.
    .\AutoSysprep.ps1 -help
    A similar output is displayed. For more information about the parameters, see the More information section.

  8. Run the following command to run the script:
    .\AutoSysprep.ps1 -SkipRearm -Password "[$Password]" -PostAction "reboot"
    Note: [$Password] is the password that you want to set.
  9. Wait for a while and log on to the instance again.
    Note: If the instance is in the classic network, you need to connect to the Windows instance by using the Management Terminal. The network can be connected only after the configuration.
  10. Run the following command to check whether the system SID has changed:
    whoami /user
    Then you can build an AD domain environment by using the ECS instance.
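
For a local account, whoami /user prints the account SID, and the machine SID that sysprep regenerates is that value without its final component. The following added example (not part of AutoSysprep.ps1 or the original page) records the machine SID before the procedure and compares it afterwards; the function name and the path C:\sid-before.txt are assumptions, and the file is kept outside the user profile because sysprep resets the profile.

```powershell
# Added example; not part of AutoSysprep.ps1.
# Run once before the procedure and once after logging on again.
$record = 'C:\sid-before.txt'   # assumed path, outside the profile that sysprep resets

function Get-MachineSid {
    # The built-in local Administrator account always has RID 500, so its SID
    # minus the trailing "-500" is the machine SID.
    $admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -match '^S-1-5-21-.+-500$' } |
        Select-Object -First 1
    if (-not $admin) { throw 'No local account with RID 500 was found.' }
    return ($admin.SID -replace '-500$', '')
}

$current = Get-MachineSid
if (-not (Test-Path $record)) {
    # First run: remember the SID of the cloned image.
    Set-Content -Path $record -Value $current
    "Recorded machine SID $current. Run AutoSysprep.ps1, log on again, and rerun this check."
} else {
    $before = Get-Content $record | Select-Object -First 1
    if ($before -eq $current) {
        Write-Warning "Machine SID is still $current; sysprep did not regenerate it."
    } else {
        "Machine SID changed from $before to $current."
        Remove-Item $record
    }
}
```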

 

How do I create instances with different SIDs in batches?

This issue can be fixed by using the latest public image to create an instance.

 

More information

The AutoSysprep.ps1 script tool parameters are described as follows:

  • -SkipRearm parameter: retains the current license state of the Windows operating system. If you do not add this parameter, AutoSysprep restores the Windows instance to its original license state.
  • -Password parameter: the password of the instance. The password rules are as follows.
    It must be 8 to 30 characters in length and cannot start with a forward slash (/). The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters. Some special characters are as follows:
    ( ) ' ~ ! @ # $ % ^ & - _ + = | { } [ ] : ; ' < > , . ? /
    By default, the value of the -Password parameter is randomly generated by AutoSysprep.
    Tips: If you forget to set the password, you can modify the system SID and then reset the password in the ECS console.

  • -Hostname parameter: resets the hostname of the instance. The hostname restrictions are as follows.
    The hostname must be 2 to 15 characters in length. It cannot contain only digits. It can contain uppercase or lowercase letters, digits, and hyphens (-). It cannot start or end with a period (.) or a hyphen (-). By default, the value of the -Hostname parameter is randomly generated by AutoSysprep.
  • -PostAction parameter: the operation performed after the script runs. Valid values:
    • shutdown: the default option. Stops the instance after its SID is modified.
    • reboot: restarts the instance after its SID is modified.
    • quit: modifies the SID and stays logged on to the instance.
  • -help parameter: displays the description of the script tool. You can customize the parameters when you use AutoSysprep.ps1.
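
The rules above can be checked before sysprep runs, and the password can be prompted for rather than typed into the command. The following is an added example, not part of AutoSysprep.ps1 or the original page; the function names are hypothetical, the script path C:\AutoSysprep.ps1 follows the upload step, and only the special characters listed above are counted.

```powershell
# Added example; not part of AutoSysprep.ps1. Function names are hypothetical.
function Test-SysprepPassword([string]$Password) {
    # Special characters as listed on this page.
    $special = '()''~!@#$%^&-_+=|{}[]:;<>,.?/'.ToCharArray()
    if ($Password.Length -lt 8 -or $Password.Length -gt 30) { return $false }
    if ($Password.StartsWith('/')) { return $false }
    $types = 0
    if ($Password -cmatch '[A-Z]') { $types++ }
    if ($Password -cmatch '[a-z]') { $types++ }
    if ($Password -match '[0-9]') { $types++ }
    if ($Password.IndexOfAny($special) -ge 0) { $types++ }
    return ($types -ge 3)
}

function Test-SysprepHostname([string]$Name) {
    # Assumption: a period is rejected everywhere, because the allowed
    # characters listed on this page are letters, digits and hyphens only.
    if ($Name.Length -lt 2 -or $Name.Length -gt 15) { return $false }
    if ($Name -match '^[0-9]+$') { return $false }
    return ($Name -match '^[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9]$')
}

$name = Read-Host 'New hostname'
if (-not (Test-SysprepHostname $name)) { throw 'Hostname violates the documented rules.' }

$secure = Read-Host 'New password' -AsSecureString
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    if (-not (Test-SysprepPassword $plain)) { throw 'Password violates the documented rules.' }
    # Passing a variable keeps the literal password out of the typed command line.
    & C:\AutoSysprep.ps1 -SkipRearm -Password $plain -Hostname $name -PostAction 'reboot'
} finally {
    # Wipe the unmanaged copy of the password and drop the managed reference.
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    $plain = $null
}
```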

 

An error is reported when you view the script description on Windows Server 2008

Symptom

Run the following command to view the script description:

.\AutoSysprep.ps1 -help

A similar output is displayed.

 

Solution

Run the following command to change the execution policy so that the script is allowed to run:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

 

When you run the script on Windows Server 2008, the system prompts that the script is not digitally signed

Symptom

Run the following command to run the script:

.\AutoSysprep.ps1 -skiprearm -postaction "reboot"

A similar output is displayed.


 

Solution

Log on to the system terminal and run the following command to run the script:

powershell -executionpolicy bypass -file c:\AutoSysprep.ps1 -skiprearm -postaction "reboot"

Note: If you do not specify a password and hostname, AutoSysprep randomly generates them.
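
The download link above uses plain HTTP, and both solutions in this troubleshooting part let an unsigned script run as an administrator. The following added example (not part of AutoSysprep.ps1 or the original page) compares the file with the SHA-256 hash of a copy you have reviewed, then uses the per-process bypass instead of changing the machine-wide policy; the expected hash is a placeholder because the page publishes none, and the function name is hypothetical.

```powershell
# Added example; not part of AutoSysprep.ps1.
$scriptPath   = 'C:\AutoSysprep.ps1'
# Placeholder: SHA-256 of the copy you reviewed; the page publishes no hash.
$expectedHash = '<SHA256-OF-REVIEWED-COPY>'

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4.0; this form also works on older hosts.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '')
    } finally {
        $stream.Close()
    }
}

$actual = Get-Sha256Hex $scriptPath
if ($actual -ne $expectedHash) {
    throw "Hash mismatch for $scriptPath (got $actual); do not run this copy."
}

# The page states that the script is not digitally signed, so NotSigned is expected here.
"Signature status: $((Get-AuthenticodeSignature $scriptPath).Status)"

# List the policy at every scope; this example leaves all of them unchanged.
Get-ExecutionPolicy -List | Format-Table -AutoSize

# Bypass applies only to this child process and ends when it exits.
& powershell.exe -ExecutionPolicy Bypass -File $scriptPath -skiprearm -postaction 'reboot'
```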

 

Applicable to

  • Elastic Compute Service

 

If your problem is still not solved, you can consult the Alibaba Cloud community for free or submit a ticket to contact Alibaba Cloud technical support.