Is changing SID necessary for a cloned server not yet added to a domain Yes/NO?
Hi Group,

After surfing around the Internet I am still not sure about the need to change the SID for a cloned server - before adding it to a domain.

I want to follow this procedure:

1. I create a "master" Terminal Server (Windows 2008 Standard). I do not add it to any domain, it's just installed and configured as a standalone server.
2. Next I clone this master server and add this clone to our Windows 2008 domain. After that I move the cloned server to a specific OU for a specific group of users.
3. I repeat step 2 several times for several Terminal Servers. Each server is put in a different OU for a specific group of users. So I've only got 1 server in an OU. If needed though, I have to put a second or third server in the same OU, but these can only be accessed by the same specific group of users.

Now my question:

I always thought that changing a SID after cloning a server was absolutely necessary. But after reading these articles I understand it is not really necessary (security-wise) to change the SID if the machine to be cloned is not yet added to a domain:

http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
"Duplicate SIDs aren't an issue in a Domain-based environment..."

http://technet.microsoft.com/en-us/library/bb727090.aspx
"So, duplicate SIDs aren't as big a problem in a domain-based environment as everyone thought."

Though these articles are from TechNet, can someone (at Microsoft) please explicitly confirm that my procedure actually has no issues?

Regards,
Ramon
September 5th, 2008 12:15pm

I'm not really sure what is meant by the second quote, but when joining a computer to an AD domain it is absolutely necessary to have a unique computer SID value. I would never deploy duplicate computers in any environment (prod or test) without using Sysprep, NewSID, etc...

Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging
September 28th, 2008 5:32pm

Most definitely. You will run into different issues at different times with a variety of tools if you add computers with duplicate SIDs to a domain. Don't do it.

Dave Bishop - MSFT
October 10th, 2008 2:17am

This topic is archived. No further replies will be accepted.
