I'm preparing to image around fifty workstations and I'm wondering about the importance of duplicate machine SIDs in the process. I've heard that managing SIDs is becoming more of an issue than it used to be, especially going into 2025. My main questions are: Do I need to do anything beyond sysprep to avoid SID duplication issues when cloning workstations to join a Windows server domain? Here's my current plan:
1. Install and configure necessary software while keeping the machines off the domain and not activating Windows.
2. Run sysprep with the generalize and OOBE options before shutting down.
3. Capture the disk image to a file.
4. Deploy the image onto the workstation disks and join them to the domain.
5. Activate Windows and complete any additional configurations after joining the domain.
Is this approach effective? Also, should I consider using audit mode? In my previous experience with smaller batches, I've never encountered issues with duplicate SIDs. However, I want to ensure I'm doing everything correctly with this larger batch. Thanks for any insights!
4 Answers
I can confirm that SIDs do matter, but if you’re systematic with checking for duplicates, you should be fine. Stick to your plan and keep track of the SIDs, and you’ll avoid headaches down the line.
Your outline looks solid! The `sysprep /generalize` command will take care of removing the SIDs, so you shouldn’t worry about that. Audit mode is useful for installing apps and setting up any extra local admin accounts you need. Just a heads up, using the audit option in sysprep can help you get there if the usual key combos don't work. Also, check out using an unattend.xml file to skip the OOBE wizard; it can help automate the process of joining the domain and setting the computer name. It takes some setup, but it's definitely worth it! And if you're dealing with file shares, a boot disk could help streamline the whole imaging process too.
You’re on the right track! Just remember to test each machine for SID uniqueness as you go. Other than that, your approach should work well with the scale you're dealing with.
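One way to run the uniqueness check suggested in the answers across the whole batch, as an added example that is not part of the original thread. It assumes PowerShell remoting (WinRM) is enabled on the workstations and that `Get-LocalUser` (Windows PowerShell 5.1) is available; the function names are hypothetical and the computer names and SIDs are constructed sample data.

```powershell
# Added example: flag cloned workstations that share a local machine SID.
# Function names are hypothetical; sample names and SIDs are constructed.

function Get-MachineSid {
    # The machine SID is the domain part of any local account SID
    # (S-1-5-21-x-y-z, i.e. the account SID without its trailing RID).
    param([Parameter(Mandatory)][string[]]$ComputerName)
    Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        $sid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value
        [pscustomobject]@{ MachineSid = $sid }
    } | Select-Object @{ Name = 'Computer'; Expression = { $_.PSComputerName } }, MachineSid
}

function Find-DuplicateMachineSid {
    # Group the collected records by SID and keep only SIDs seen more than once.
    param([Parameter(Mandatory)][object[]]$Record)
    $Record | Where-Object MachineSid |
        Group-Object -Property MachineSid |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MachineSid = $_.Name
                Computers  = ($_.Group.Computer | Sort-Object) -join ', '
            }
        }
}

function Get-UncheckedComputer {
    # Machines that returned no record were not verified; do not assume they are unique.
    param([string[]]$Requested, [object[]]$Record)
    $Requested | Where-Object { $_ -notin $Record.Computer }
}

# Constructed sample: WS-002 and WS-003 came from an image that was not generalized.
$requested = 'WS-001', 'WS-002', 'WS-003', 'WS-004'
$sample = @(
    [pscustomobject]@{ Computer = 'WS-001'; MachineSid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    [pscustomobject]@{ Computer = 'WS-002'; MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666' }
    [pscustomobject]@{ Computer = 'WS-003'; MachineSid = 'S-1-5-21-4444444444-5555555555-6666666666' }
)

Find-DuplicateMachineSid -Record $sample | Format-Table -AutoSize
Get-UncheckedComputer -Requested $requested -Record $sample

# Live use against the deployed batch (workstations.txt is an assumed file, one name per line):
# $names   = Get-Content .\workstations.txt
# $records = Get-MachineSid -ComputerName $names
# Find-DuplicateMachineSid -Record $records
```

Run it after deployment and before putting the machines into service; any workstation listed by `Get-UncheckedComputer` still needs to be checked by hand.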
We actually use a tool called SID Changer that works really well. It's non-intrusive and keeps your profiles intact, so consider checking it out if you run into issues or want an easier way to manage SIDs.

I completely agree! Using audit mode is key because it stops unwanted Microsoft Store apps from messing up the sysprep process.