Windows Server cannot join an Active Directory domain due to duplicate SID’s

A Windows error: “The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system installation. Run sysprep on this machine in order to generate a new machine SID.

Solution:

Run sysprep.exe in a Command Prompt window to generate a new SID.
1. Type c:\windows\system32\sysprep\sysprep.exe /oobe /generalize /reboot and press Enter in the Command Prompt window to change the SID and run OOBE.

Advertisements

How to shutdown domain users client computers with Group Policy

There are some organizations that require you to shutdown the computer at the end of business. Now what happens if that user would shutdown a system that is needed. Well lucky for us we can create a Group Policy Object (GPO) to do this. We are going to add a policy that only allows the management staff to power-off production computers.

  1. Log on to the Windows Server 2012 Active Directory domain controller with the Enterprise Admin or Domain Admin account.
  2. If not already started, initialize the Server Manager window from the bottom left corner of the screen.
  3. On the opened Server Managerwindow, go to the Tools menu from the menu bar.
  4. From the displayed list, click Group Policy Management.
  5. On the opened Group Policy Managementconsole, from the left pane, expandForest > Domains, and then expand the domain name. (MYDOMAIN.COM for this demonstration.).
  6. From the expanded list, right-click the domain name or the target OU, users of which you want to keep from shutting down the domain client computers on their own.
  7. From the displayed context menu, click the Create a GPO in this domain, and Link it here
  8. On the opened New GPObox, specify a self-explanatory name for the GPO in theName
  9. From the Source Starter GPOdrop-down list, choose a starter GPO of your choice if you have created any.
  10. Once done, click OKto create and link the new GPO to the target domain or OU.
  11. Once this is done, right-click the newly created GPO.
  12. From the displayed context menu, click Edit.
  13. On the opened Group Policy Object Editorsnap-in, from the left pane, under the Computer Configuration, locate and select PoliciesWindows Settings >Security Settings > Local Policies > User Rights Assignment.
  14. Once selected, from the right pane, double-click the Shut down the system
  15. On the opened Shut down the system Properties box, check Define these policy settings
  16. Click the enabled Add User or Group button and add the domain users or groups that you want to allow to shut down the client computers. (Domain Admins and Enterprise Admins for this demonstration.).Note:Only the users and groups added in this list will be able to shut down the system. All other users and groups will be automatically disallowed to shut the domain client computers down as soon as the policy becomes applicable.
  17. Back on the Shut down the system Properties box, click OK.
  18. Close the Group Policy Object Editorsnap-in.
  19. Press the Windowskeys simultaneously to initialize the Run command box.
  20. In the available field in the Run command box, type the GPUPDATE /FORCE command and press Enter key in order to update the group policy settings.