Generate a new SID on Windows Server 2008 and Windows 7

With the NewSID tool no longer supported by Microsoft for more recent versions of Windows, you may find yourself in a situation where you need to generate a new SID on a Windows Server 2008 or Windows 7 computer, and wonder which tool you need to use. I myself have run across an issue in the past in our development environment where duplicate SIDs caused a problem. Care needs to be taken when cloning Windows virtual machines, particularly if they will later be used as domain controllers.

To avoid issues like this, the preferred method for setting a new SID on a Windows machine is now Sysprep. Before running Sysprep, you may wish to verify the current SID on the system that you wish to modify. This can easily be done by running the psgetsid utility, which is part of the excellent PsTools developed by Mark Russinovich. The output of the psgetsid command can be seen below, showing the current machine SID:

Output of psgetsid before running Sysprep on Windows Server 2008 R2

Next, run Sysprep with the following command:

C:\Windows\System32\Sysprep\sysprep.exe

Running Sysprep
 
On the Sysprep screen, make sure that you tick the ‘Generalize’ tick box as shown below:
 

Choose settings for the System Preparation Tool

 The Sysprep process will take a few minutes to run, and will automatically reboot the system if you chose to do so. On reboot, the following screen will be displayed. Click ‘Next’ to continue:

 

Click next to continue the Sysprep process

After the Sysprep process is complete, you can run psgetsid again to verify that a new SID has been generated for this computer:

Output of psgetsid after running Sysprep on Windows Server 2008 R2

Find an Active Directory user's organizational unit (OU) using PowerShell

Have you ever forgotten which organizational unit an Active Directory user resides in? You can use ‘Active Directory Users and Computers’ to quickly find the user using the ‘Find’ function, but this doesn’t easily tell you which OU they belong to. Here is a very quick command to find the organizational unit (OU) that a user belongs to using PowerShell, where USERNAME is the username of the user you wish to examine. Simply run PowerShell, and then enter:

Get-ADUser USERNAME

This will return the user's details, including the Distinguished Name of their account, which will show which OU they belong to.

Using Get-ADUser to obtain OU information

If you don’t know their username, you can use the filter option to search by first name or surname. Here is an example filtering by surname, where USER_SURNAME is the user's surname:

Get-ADUser -Filter {Surname -like "USER_SURNAME"}
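
The Distinguished Name still has to be read by eye to pick out the OU. The following is an added example, not part of the original post, that strips the first component from a Distinguished Name to leave the parent OU or container; the function names Get-ParentContainer and Find-UserContainer and the sample DNs are made up for illustration.

```powershell
# Added example (not from the original post). Function names are illustrative.

function Get-ParentContainer {
    # Returns everything after the first RDN of a distinguished name,
    # i.e. the OU or container that directly holds the object.
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)

    # The first RDN is a run of escaped pairs (\x) or characters that are
    # neither a backslash nor a comma, so "CN=Smith\, John" stays intact.
    if ($DistinguishedName -match '^(?:\\.|[^\\,])+,(?<parent>.+)$') {
        return $Matches['parent']
    }
    throw "Not a multi-component distinguished name: $DistinguishedName"
}

function Find-UserContainer {
    # Hypothetical helper: search by surname (wildcards allowed), one row per match.
    # Requires the ActiveDirectory module and a reachable domain controller.
    param([Parameter(Mandatory=$true)][string]$Surname)

    Import-Module ActiveDirectory -ErrorAction Stop
    Get-ADUser -Filter "Surname -like '$Surname'" |
        Select-Object Name, SamAccountName,
            @{ Name = 'Container'; Expression = { Get-ParentContainer $_.DistinguishedName } }
}

# Constructed sample DNs so the parsing can be checked without a domain.
$samples = @(
    'CN=Jane Doe,OU=Sales,OU=Staff,DC=corp,DC=example',
    'CN=Smith\, John,OU=IT,DC=corp,DC=example',
    'CN=Administrator,CN=Users,DC=corp,DC=example'
)
foreach ($dn in $samples) {
    New-Object PSObject -Property @{ DN = $dn; Container = Get-ParentContainer $dn }
}
```

Accounts that sit in the default Users container come back with CN=Users rather than an OU, which is worth knowing because Group Policy objects cannot be linked to that container.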

Back Up All Group Policy Objects using Backup-GPO and the Group Policy Management Console

Here are a couple of quick methods to back up all of your group policy objects in one hit. The first uses the PowerShell cmdlet Backup-GPO. On a Windows Server 2008 domain controller, fire up PowerShell and issue the following command, where C:\PATH_TO_BACKUP is the path where you want to save the backup:

Backup-GPO -All -Path C:\PATH_TO_BACKUP

The second method uses the Group Policy Management Console. Fire up gpmc.msc, and then expand your domain. Right click on ‘Group Policy Objects’ and then choose ‘Back Up All’ as shown below:

Backing up all GPOs using the Group Policy Management Console

Browse for a location to back up to, and give a description if you need one, then click Back Up and you’re done:

Choose a location and description for the GPO backup

 

References:

http://technet.microsoft.com/en-us/library/ee461052.aspx