Active directory with duplicate machine SIDs
Duplicate machine SIDs are not a problem. This is why tools like NewSID are deprecated. In fact, in the blog post about why NewSID is deprecated, there are about 2 pages of text that explain why it's not a problem.
The only time that a local machine SID is exposed outside of that machine is when the first DC in a domain is promoted. It's local SID is used to create the domain SID. This explains why you have problems with cloned DCs.