
  • SID and RID

    Hi people

    I am very new to the IT field. I would like to understand what the use of SID and RID is.

    I understand these are some security identifiers which will be issued by the domain controllers when creating an object (user/computers/groups).
    How does this SID work? I have gone through some articles but failed to understand more.
    I would like to know what the purpose of a SID is, and what happens if a duplicate SID comes (cloning the PCs) into the network.


  • #2
    Re: SID and RID

    From an article I found:

    Security Identifiers (SIDs)

    Instead of using names (which might or might not be unique) to identify entities that perform actions in a system, Windows uses security identifiers (SIDs). Users have SIDs, and so do local and domain groups, local computers, domains, and domain members. A SID is a variable-length numeric value that consists of a SID structure revision number, a 48-bit identifier authority value, and a variable number of 32-bit subauthority or relative identifier (RID) values. The authority value identifies the agent that issued the SID, and this agent is typically a Windows local system or a domain. Subauthority values identify trustees relative to the issuing authority, and RIDs are simply a way for Windows to create unique SIDs based on a common-base SID. Because SIDs are long and Windows takes care to generate truly random values within each SID, it is virtually impossible for Windows to issue the same SID twice on machines or domains anywhere in the world.
    When displayed textually, each SID carries an S prefix, and its various components are separated with hyphens:


    In this SID, the revision number is 1, the identifier authority value is 5 (the Windows security authority), and four subauthority values plus one RID (112 make up the remainder of the SID. This SID is a domain SID, but a local computer on the domain would have a SID with the same revision number, identifier authority value, and number of subauthority values.
    When you install Windows, the Windows Setup program issues the computer a SID. Windows assigns SIDs to local accounts on the computer. Each local-account SID is based on the source computer's SID and has a RID at the end. RIDs for user accounts and groups start at 1000 and increase in increments of 1 for each new user or group. Similarly, Dcpromo.exe, the utility used to create a new Windows domain, issues a SID to domains it creates. Windows issues to new domain accounts SIDs that are based on the domain SID and have an appended RID (again starting at 1000 and increasing in increments of 1 for each new user or group). A RID of 1028 indicates that the SID is the 29th SID the domain issued.
    Windows issues SIDs that consist of a computer or domain SID with a predefined RID to many predefined accounts and groups. For example, the RID for the administrator account is 500, and the RID for the guest account is 501. A computer's local administrator account, for example, has the computer SID as its base with the RID of 500 appended to it:


    Windows also defines a number of built-in local and domain SIDs to represent groups. For example, a SID that identifies any and every account is the Everyone, or World, SID: S-1-1-0. Another example of a group that a SID can represent is the network group, which is the group that represents users who have logged on to a machine from the network. The network-group SID is S-1-5-2.

    Finally, Winlogon creates a unique logon SID for each interactive logon session. A typical use of a logon SID is in an access-control entry (ACE) that allows access for the duration of a client's logon session. For example, a Windows service can use the LogonUser function to start a new logon session. The LogonUser function returns an access token from which the service can extract the logon SID. The service can then use the SID in an ACE that allows the client's logon session to access the interactive window station and desktop. The SID for a logon session is S-1-5-5-0, and the RID is randomly generated.

    for q 2 :
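
    The SID layout quoted in reply #2 (revision, 48-bit identifier authority, 32-bit subauthorities, trailing RID), as an added Python example that is not part of the original posts or the quoted article. It decodes the binary form of a SID, in which the authority is stored big-endian and the subauthorities little-endian, and splits an account SID into its issuing base and RID; the function names and the machine and domain subauthority values are constructed for illustration.

```python
import struct

# Predefined RIDs named in the quoted article.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its textual S-<rev>-<auth>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID is shorter than its 8-byte header")
    revision, count = raw[0], raw[1]
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("subauthority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit identifier authority
    subs = struct.unpack(f"<{count}I", raw[8:])      # 32-bit subauthorities / RID
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def build_sid(authority: int, *subs: int, revision: int = 1) -> bytes:
    """Encode a SID; used here only to construct sample input."""
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

def split_rid(sid: str):
    """Return (base SID of the issuer, RID, description) for an account SID."""
    base, _, tail = sid.rpartition("-")
    rid = int(tail)
    if rid in WELL_KNOWN_RIDS:
        label = WELL_KNOWN_RIDS[rid]
    else:
        label = "issued account" if rid >= 1000 else "predefined"
    return base, rid, label

def same_issuer(sid_a: str, sid_b: str) -> bool:
    """True when both account SIDs hang off the same machine or domain SID."""
    return split_rid(sid_a)[0] == split_rid(sid_b)[0]

if __name__ == "__main__":
    machine = (21, 1111111111, 2222222222, 3333333333)   # constructed machine SID
    domain = (21, 1000000001, 1000000002, 1000000003)    # constructed domain SID
    local_admin = parse_sid(build_sid(5, *machine, 500))
    clone_admin = parse_sid(build_sid(5, *machine, 500))  # clone kept the machine SID
    domain_user = parse_sid(build_sid(5, *domain, 1028))
    for sid in (local_admin, clone_admin, domain_user):
        print(sid, split_rid(sid)[1:])
    print("local accounts identical on clone:", local_admin == clone_admin)
    print("domain user shares machine base:", same_issuer(local_admin, domain_user))
```

    Local account SIDs derive from the machine SID, so a clone that kept it produces the same local SIDs as the original, while domain account SIDs derive from the domain SID.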



    • #3
      Re: SID and RID

      There used to be a lot of fuss regarding duplicate SIDs on the network; however, it was found that duplicate SIDs on the domain are not an issue. For full details and an interesting read:


      • #4
        Re: SID and RID

        Originally posted by toastman
        There used to be a lot of fuss regarding duplicate SIDs on the network; however, it was found that duplicate SIDs on the domain are not an issue. For full details and an interesting read:
        I think the problems were occurring more due to the fact that proper cloning practices aren't being followed.
        If you clone a machine from another one that's already joined to the domain and keep the SID, then you are going to have those problems, and also if the machine cloned is promoted to the first DC on the forest without changing the SID.

        Good link by the way
        Caesar's cipher - 3