SID in AD - SID from psgetsid?
Solution 1:
I think you need to read The Machine SID Duplication Myth:
http://blogs.technet.com/b/markrussinovich/archive/2009/11/03/3291024.aspx
Machine SIDs and domain SIDs/RIDs are two different things, which is why you see two different things when you run a local tool on the machine, versus an Active Directory PowerShell cmdlet. A couple of notes from the comments of that blog post that you should read:
Mark Russinovich: You're granting access to the computer's Domain SID, not its machine SID. Like users, computer accounts in a Domain have passwords, but the passwords are managed by the Domain.
Mark Russinovich: yes, with the exception that machine SIDs are used as the basis for Domain SIDs, machine SIDs could have been a constant.
Also, Mark's buddy Aaron wrote a nice complement piece on the distinction between local machine SIDs and domain SIDs:
http://blogs.msdn.com/b/aaron_margosis/archive/2009/11/05/machine-sids-and-domain-sids.aspx
Aaron Margosis: You can see the machine SID on your computer by running Sysinternals PsGetSid with no parameters. You can see the second SID on a domain-joined system by passing PsGetSid the computer name followed by a $: psgetsid %COMPUTERNAME%$
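
The comparison described above, as an added example that is not part of the original answer or the linked posts: it reads the machine SID from a local account and resolves the computer account's SID from the same `COMPUTERNAME$` name that PsGetSid is given. It assumes a domain-joined member machine with at least one local account; `Split-Sid` is a hypothetical helper name.

```powershell
# Added example: show the machine SID and the computer account's domain SID side by side.
# Assumption: run on a domain member workstation or server, no extra modules needed.

function Split-Sid {
    # Hypothetical helper: break an account SID into issuer SID and RID.
    param([Parameter(Mandatory)][string]$SidString)
    $sid = [System.Security.Principal.SecurityIdentifier]$SidString
    [pscustomobject]@{
        Sid    = $sid.Value
        # AccountDomainSid drops the trailing RID, leaving the issuing authority's SID.
        Issuer = $sid.AccountDomainSid.Value
        Rid    = ($sid.Value -split '-')[-1]
    }
}

# 1. Machine SID: local account SIDs are <machine SID>-<RID>, so strip the RID.
$localUser = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object -First 1
$local = Split-Sid $localUser.SID

# 2. Computer account SID: only exists when the machine is joined to a domain.
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "Not domain-joined: there is no computer account SID to compare."
    return
}

# Resolve COMPUTERNAME$, the same account name passed to PsGetSid.
$account  = New-Object System.Security.Principal.NTAccount("$($env:COMPUTERNAME)`$")
$acctSid  = $account.Translate([System.Security.Principal.SecurityIdentifier])
$computer = Split-Sid $acctSid.Value

[pscustomobject]@{
    MachineSid         = $local.Issuer     # issued locally at install time
    ComputerAccountSid = $computer.Sid     # <domain SID>-<RID>, the SID AD reports
    DomainSid          = $computer.Issuer
    ComputerAccountRid = $computer.Rid
    # On a domain member the issuers differ: machine SID versus domain SID.
    SameIssuer         = ($local.Issuer -eq $computer.Issuer)
} | Format-List
```

`ComputerAccountSid` is the value to compare against what Active Directory shows for the computer object; `MachineSid` is what PsGetSid prints when run with no parameters.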