Friday, December 21, 2012

Dude Where Did my AD Account Go? Troubleshooting Duplicate SID's.


Hello Dear Reader!  I've been working on Setting up a Virtual Lab in using Virtual Box on my work laptop.  I originally thought of blogging through all of this but I've had a few issues.  I stepped away from this project at one point in time and was using a personal one.  However I really want to get this work on my Pragmatic Works laptop.

I may go back and do a step by step once I've got my feet underneath me, but for now I'll just be happy to have this up and running.

I've finally gotten my Domain Controller Online, Added two Servers to my Domain, and then I wanted to add a Domain Account as an Admin to each Server.  


So I logged onto the sever using the local admin, opened up Server Manager, opened up the Configuration tree, Opened Local Users and Groups, and Clicked on Administrators.

As I expected only the local admin account and a local SQL Server Account, that I'll be replacing with a domain account.

So I click add, type in SQLBalls, Authenticate to my domain to get the account added, and everything looks good.  I hit OK.

Hey where'd my AD account go?

So I went through the whole process again.  Click Add, added SQLBalls, validated against the Domain Controller, and then I get this error.

Well if my account is already in the group, then why isn't is showing up.  So I turn to trusty old DOS and open a Command Prompt Window and run net localgroup "administrators".


Sure enough my domain account is not in there.  It didn't take much searching on the Intrawebs to find other people with my issue.  After a little while I found people encountering this error when they had Cloned a VM.

The Domain Controller and the VM had the same SID's, Security Identifiers.  So to validate this I went and grabbed the handy sysinernals tool PSGetSID, to get this click here.  

Once I had downloaded this to my software share I put it on my Domain Controller and one of my other Servers.  I extracted it to a folder called PSGetSID, I know *how original*, navigated to the folder, and typed in psgetsid.

Now that I know what my SID for my Domain Controller is I need to find it for my other computer.  I extract the files and run the command and VOILA!

Sure enough I have duplicate SID's.  If you notice up at the top the Account name has a SID after it, before I click OK and it disappears.  That SID is the same one as both of my computers.


STEP 1 FIX! STEP 2 IT! REPEAT STEPS 1 & 2 UNTIL IT'S FIXED! 

So duplicate SID's are preventing me from adding one AD account to other computers on my domain. I had set up an image of Windows 2008 R2 that was my base image.  I had been keeping the widows update current, but I left it pretty much alone.  I would clone it before I taught a class, did a presentation, or experimented on really f***ing up doing non best practice things on my computer.

So Cloning the same image to make my Domain Controller led to this error.

"So Balls", you say, "How do you fix it?  And isn't there a better way to do things."

Yes Dear Reader there is.  I was saved by this blog by Ilija Brajkovic.  There is a tool called sysprep.  I should have run that before to clean up my base image before cloning it.  Now I can use it to change my SID.  I start out by pulling up run and typing in sysprep and click OK.



It will open up sysprep in it's windows folder.  I then double click on the sysprep.exe in order to launch the application.





Now that sysprep is open I make sure OOBE is selected, I need to click Generalize in order to generate a new SID, and I will also select Reboot.  Then Click OK. This ran very quickly for me.



As Ilija notes there will be some additional information to enter on reboot.  Note *I SHOULD HAVE DONE THIS RIGHT AFTER CLONING*  After reboot You will get prompted for the language choice.  *Warning this will reset your image to a factory setting, if you already have SQL Server Installed this will erase the instance.  This will detach drives, this will reset your TCP/IP Settings.  DO NOT DO THIS IF YOU DO NOT WANT TO WIPE CLEAN YOUR VM*




Then you check the box to Accepte the Agreement.

Then wait while your settings are finalized.


When I log back in my VM has been reset, hence the Enter System Out-of-Box Experience.  The software I had installed is still there. But I'm no longer on the domain, my computer name is changed, and hopefully my SID is different.  Lets run PSGetSID to validate that.

Excellent!  I've got my new SID.  I need to set my NIC card again to be on the right network, rename my server, add it to the domain, and reboot.  After that I can go back into the setup for my AD groups and add my User Account.


This time when I click OK it doesn't go away.  Alright Dear Reader, I hope you enjoyed this one, it was a lot of fun to figure it out!

Thanks,

Brad







Tuesday, December 11, 2012

SQL Live 360 Kicks off Today!




Hello Dear Reader!  Today in beautiful Orlando FL at the Loews Royal Pacific Resort the Live 360 Conference kicks off.  Live 360 combines 4 different conferences into one.  Visual Studio, SharePoint, SQL Server, and Cloud & Virtualization all have their own conferences.  I’m helping to kick off the SQL Live 360 by presenting not once, not twice, but three times today!  

Before we dive into the content I want to say a big Thank You to my wife Silva.  Every time I’m presenting at a conference she’s taking off work to be at home and manage the kiddos.  Without her none of this is possible for me.  Thanks Silva!

“So Balls”, you say, “What are you presenting on?”

Excellent question Dear Reader.  We will be kicking off the day with Trimming Indexes Getting Your Database in Shape, next up is Transparent Data Encryption Inside and Out in SQL Server 2012, and we end the day with the Page & Row Compression Deep Dive in SQL Server 2012.  Conferences are expensive and I want to make sure that you get the most out of your experience.  So to help you decide if you should be spending your time with me, I’m placing the decks and demos online now.  They are also live on the Resource Page.  Attendees should have a copy of all of this information on their conference CD, but just in case you didn’t find it here we go!



KICKING IT OFF WITH A BANG


If you’re in town for the conference I hope you get a chance to stop by.  Here are the abstracts for each presentation:

Trimming Indexes Getting Your Database In Shape
Indexes are a wonderful thing.  We should be using them, and we should be maintaining them.  But over time our production databases start to look a little pudgy around the mid-section.  Maybe they are a little bloated with Unused Indexes, maybe they have Duplicate Indexes, and possibly even Reverse Indexes.  The first step to fixing these problems it so see if you have them, and if you do the second is to set about fixing them. You could be costing yourself CPU cycles, I/Op’s, and space and never even know it.




Transparent Data Encryption Inside and Out in SQL 2012
Security is a very important part of your job and in how data is utilized.  We have many tools to make data more secure, and starting in SQL 2008 we were able to add Transparent Data Encryption to that list.  Find out What it does and What it doesn’t do, How it effects Read-Only Filegroups, Performance, Compression (Backup and Row/Page), What the X.509 Encryption Standard is and Why you should be careful of what you store and where, and other Advance Features as well as some tips on how to manage it.

Slide DeckDemos

Page & Row Compression Deep Dive with SQL Server 2012
Page and Row Compression are powerful new tools. Page & Row with SQL 2008 RTM, and Page & Row with Unicode Compression with SQL 2008 R2, and Spatial Types in SQL 2012.  We can turn it on, we can turn it off, but we want more!  What are Access Methods and how in the SQL Engine do they affect Compression?  What are the “Gotchas” of Page Compression?  How does Compression differ in the way it treats Non-Leaf & Leaf Level pages?  What additional functionality did we get in DBCC Page, DMV’s, Perfmon Counters, and Extended Events to support our usage of Compression?  How do complex query plans affect Compression?  Come find out!


Slide Deck, Demos

LUNCH!

That’s not all, on top of having 3 great sessions to choose from if you’re still not sick of me we’ve got a speaker round table on Wednesday where I’ll be hosting a table on SQL Server 2012 and new features.  While I may not have presented on them there are a lot of great 2012 topics like Columnstore Indexes, Always On Availability Groups, Always On Clustering Improvements, and more that we could chat about.

Great SQL People like MVP’s Jen Stirrup(@JenStirrup | blog), Grant Fritchey (@GFritchey | blog), Allen White (@SQLRunr | Blog),  Thomas Larock (@SQLRockstar | Blog), and William Pearson (@Bill_Pearson) will be there hosting different tables as well!


WRAP IT UP


Okay with that being said, it should be a fun filled week of SQL Learning.  There will be some wonderful night time activities as part of the conference as well. 

  I won’t make it to all of them, Wednesday night is the baby’s Christmas play at her day care can’t miss that!  For the rest of the week though I look forward to getting to see you all.


If you are in town I hope you get to stop by and say “Hi BALLS!”, and have a great time!

Thanks,

Brad