Reset User SID in AD

  • Reset User SID in AD

    Hello Team,

    Is there a way to reset an AD user's SID?
    I have an app that identifies users by their SID and logs user history by that SID.
    For example, I have an account with user ID: Helpdesk.
    Now that person is gone, but instead of deleting the account and recreating it, I just want to reset the SID so the app will see it as a new user instead of an existing user.

    Thanks,
    HN

  • #2
    Re: Reset User SID in AD

    No, you can't assign the SID of a user account to another account.

    Comment


    • #3
      Re: Reset User SID in AD

      I don't quite get what you mean by resetting an SID. Reset to what?

      SIDs are unique as they are a combination of the domain ID and a relative ID issued by the RID master. See this quote from the Active Directory resource kit:

      The RID master is a per-domain operations master role. It is used to manage the RID pool to
      create new security principals throughout the domain, such as users, groups, and computers.
      Each security principal is issued a unique security identifier (SID) that includes a domain
      identifier, which is the same for all SIDs in the domain, and a relative identifier (RID), which
      is unique for each security principal. Because security principals can be created on any
      domain controller with a writable copy of the directory, the RID master is used to ensure that
      two domain controllers do not issue the same RID. The RID master issues a block of relative
      identifiers (RIDs), called the RID pool, to every domain controller in the domain. When the
      number of available RIDs in the RID pool on any domain controller begins to run low (below
      about 100), a request is made for another block of RIDs from the RID master. When this
      happens, the RID master issues a pool of about another 500 RIDs to the domain controller.

      If your user left the company, why not just rename the account to whatever makes sense to you, reset his password, and keep using the account for your application?

      Comment
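An added example, not part of the original thread: it decodes the binary `objectSid` attribute into the domain identifier and RID described in the quote above, and shows that a renamed account keeps its SID while a recreated one gets a new RID. The domain identifier, RIDs, account records and helper names are constructed for illustration.

```python
import struct

def build_sid(authority, subs, revision=1):
    """Pack a SID into the binary layout stored in the objectSid attribute."""
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def parse_object_sid(raw):
    """Convert a binary objectSid value to its S-R-A-S1-...-Sn string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")          # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])       # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def split_sid(sid):
    """Return (domain identifier, RID) for a domain account SID."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def app_user_key(record):
    """Key that a SID-based application would store its user history under."""
    return parse_object_sid(record["objectSid"])

# Constructed sample data: a made-up domain identifier and made-up RIDs.
DOMAIN = [21, 1111111111, 2222222222, 3333333333]
original = {"sAMAccountName": "helpdesk",
            "objectSid": build_sid(5, DOMAIN + [1105])}
# Renaming changes the name attributes only; the SID stays the same.
renamed = dict(original, sAMAccountName="svc-helpdesk")
# A deleted and recreated account is a new principal with a new RID.
recreated = {"sAMAccountName": "helpdesk",
             "objectSid": build_sid(5, DOMAIN + [1106])}

if __name__ == "__main__":
    for rec in (original, renamed, recreated):
        domain, rid = split_sid(app_user_key(rec))
        print(rec["sAMAccountName"], domain, rid)
```

An application that keys its records on the SID treats `original` and `renamed` as the same user, and `recreated` as a different one even though the name matches.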


      • #4
        Re: Reset User SID in AD

        Originally posted by sunseeker11
        If your user left the company, why not just rename the account to whatever makes sense to you, reset his password, and keep using the account for your application?
        ... because the back end of an application shouldn't use a user account. They should use a service account.

        Humannetwork: Why would you want to do that? Please be more specific.
        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Reset User SID in AD

          True. And renaming it to, for example, "svc-helpdesk", resetting the password and documenting the whole thing would do the trick.
          Also make sure to remove it from any security groups it does not need to be a member of.

          Comment


          • #6
            Re: Reset User SID in AD

            Okay.
            We are using Moodle for training. Moodle pulls users from the AD database. I believe Moodle identifies those users by the SID given by AD.

            Let's say I'm HumanNetwork and my title is helpdesk.
            my username: humannetwork
            my email: [email protected]

            Now I have left the company and they hired ahmer_sahab to replace my position.
            user: ahmer_sahab
            email: [email protected]

            Now let's say I went through some of the training in Moodle. If we rename my account to ahmer_sahab, then Moodle still sees ahmer_sahab as me because it is the same SID. Now ahmer_sahab will pick up from where I left off instead of starting the training over as a new employee.

            So my thought was, instead of deleting the account completely and recreating everything from scratch so the app can identify that user as a new user.

            I guess you guys just switched on the light bulb for me.
            I can still keep the account, then go into Moodle and delete the old user from the Moodle database. This would work...

            Comment


            • #7
              Re: Reset User SID in AD

              Yup, sounds like an idea. Give it a try.

              Comment


              • #8
                Re: Reset User SID in AD

                Yeah, that might work, but personally I'd create yourself a new account, and make the helpdesk email address a distribution list account, or at least redirect the emails to yourself, and of course create a new Moodle account. That way all that putzing around wouldn't have to be done again.
                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment
