If you’ve been working with Windows Server based networks for a long time, you probably take it as a given that you shouldn’t have two computers with the same Security Identifier (machine SID). The SID is the unique numeric identifier by which security principals – users, groups and machines – are designated. If you deploy Windows using image files, some deployment tools don’t generate a new SID and you end up with duplicates. One way to fix that has been to use the Sysinternals tool called NewSID to change it. Last November, however, the utility was retired. In this article, Mark Russinovich explains how the SID works and why duplicate SIDs – in most cases – don’t present a problem. There is, however, one exception to that rule. Find out when and why it matters in Mark’s excellent blog post, The Machine SID Duplication Myth:
http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx