I may go back and do a step by step once I've got my feet underneath me, but for now I'll just be happy to have this up and running.
I've finally gotten my Domain Controller Online, Added two Servers to my Domain, and then I wanted to add a Domain Account as an Admin to each Server.
So I logged onto the server using the local admin, opened up Server Manager, opened up the Configuration tree, Opened Local Users and Groups, and Clicked on Administrators.
As I expected, there were only the local admin account and a local SQL Server Account, which I'll be replacing with a domain account.
So I click add, type in SQLBalls, Authenticate to my domain to get the account added, and everything looks good. I hit OK.
Hey where'd my AD account go?
So I went through the whole process again. Click Add, added SQLBalls, validated against the Domain Controller, and then I get this error.
Well if my account is already in the group, then why isn't it showing up? So I turn to trusty old DOS and open a Command Prompt Window and run `net localgroup "administrators"`.
STEP 1 FIX! STEP 2 IT! REPEAT STEPS 1 & 2 UNTIL IT'S FIXED!
So duplicate SIDs are preventing me from adding one AD account to other computers on my domain. I had set up an image of Windows 2008 R2 that was my base image. I had been keeping Windows Update current, but I left it pretty much alone. I would clone it before I taught a class, did a presentation, or experimented on
So Cloning the same image to make my Domain Controller led to this error.
"So Balls", you say, "How do you fix it? And isn't there a better way to do things?"
Yes Dear Reader there is. I was saved by this blog by Ilija Brajkovic. There is a tool called sysprep. I should have run that before to clean up my base image before cloning it. Now I can use it to change my SID. I start out by pulling up run and typing in sysprep and click OK.
It will open up sysprep in its Windows folder. I then double click on the sysprep.exe in order to launch the application.
Now that sysprep is open I make sure OOBE is selected. I need to click Generalize in order to generate a new SID, and I will also select Reboot. Then Click OK. This ran very quickly for me.
Then you check the box to Accept the Agreement.
Then wait while your settings are finalized.
When I log back in my VM has been reset, hence the Enter System Out-of-Box Experience. The software I had installed is still there. But I'm no longer on the domain, my computer name is changed, and hopefully my SID is different. Let's run PSGetSID to validate that.
Excellent! I've got my new SID. I need to set my NIC card again to be on the right network, rename my server, add it to the domain, and reboot. After that I can go back into the setup for my AD groups and add my User Account.
This time when I click OK it doesn't go away. Alright Dear Reader, I hope you enjoyed this one, it was a lot of fun to figure it out!
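
The duplicate-SID condition described above can be checked with a script before cloned servers are joined to a domain. The following PowerShell is an added example, not part of the original post; the function names, host names and SIDs in the sample inventory are constructed, and it assumes Windows PowerShell with WMI available on a member server or workstation.

```powershell
# Added example: find machines cloned from one image that still share a machine SID.

function Get-LocalMachineSid {
    # The built-in local Administrator always has RID 500. Its SID with the
    # RID stripped is the machine SID (the value PsGetSid reports).
    $admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -match '^S-1-5-21-.*-500$' } |
        Select-Object -First 1
    if (-not $admin) { throw "No local RID-500 account found on this host." }
    $sid = New-Object System.Security.Principal.SecurityIdentifier($admin.SID)
    return $sid.AccountDomainSid.Value
}

function Find-DuplicateMachineSid {
    # Input: objects with Computer and Sid properties.
    # Output: one object per SID that is used by more than one computer.
    param([Parameter(Mandatory = $true)][object[]]$Inventory)
    $Inventory | Group-Object -Property Sid |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Sid       = $_.Name
                Computers = ($_.Group | ForEach-Object { $_.Computer }) -join ', '
            }
        }
}

# Constructed sample inventory: host names and SIDs are made up for illustration.
# DC01 and SQL01 came from the same un-generalized image; SQL02 was sysprepped.
$inventory = @(
    New-Object PSObject -Property @{ Computer = 'DC01';  Sid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    New-Object PSObject -Property @{ Computer = 'SQL01'; Sid = 'S-1-5-21-1111111111-2222222222-3333333333' }
    New-Object PSObject -Property @{ Computer = 'SQL02'; Sid = 'S-1-5-21-4444444444-5555555555-6666666666' }
)

# Add the machine this script runs on, then report any shared SIDs.
$inventory += New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME
    Sid      = Get-LocalMachineSid
}
Find-DuplicateMachineSid -Inventory $inventory | Format-Table -AutoSize

# Fix for a flagged host, same options as the GUI steps in the post:
#   %WINDIR%\System32\Sysprep\sysprep.exe /oobe /generalize /reboot
```

Running sysprep with `/generalize` on the base image before cloning it avoids the duplicates in the first place.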