Difference between a RID and a SID in Active Directory

-

SID (Security Identifier)

- An SID is a Security Identifier. It's the "primary key" for any object in an Active Directory.
   For example, users have SIDs, as do Printer objects, Group objects, etc. SID's are unique to a Domain.
- In Active Directory users refer to accounts by using the account name, but the operating system internally refers to accounts by their security identifiers (SIDs).
- For domain accounts, the SID of a security principal is created by concatenating the SID of the domain with a relative identifier (RID) for the account. SIDs are unique within their scope (domain or local) and are never reused.
- For every local account and group, the SID is unique for the computer where it was created; no two accounts or groups on the computer ever share the same SID. Likewise, for every domain account and group, the SID is unique within an enterprise. This means that the SID for an account or group created in one domain will never match the SID for an account or group created in any domain in the enterprise.

User SID structure:

SID vs RID

RID (Relative Identifier)

- The relative identifier (RID) Is a variable length number that is assigned to objects at creation and becomes part of the object's security identifier.
- Generating unique relative identifiers is a more complex process in a network domain Windows 2000 network domains can have several domain controllers, each of them a host for Active Directory, where account information is stored. This means that in a network domain there are as many copies of the account database as there are domain controllers.
- Every copy of the account database is a master copy. New accounts and groups can be created on any domain controller. Changes made to Active Directory on one domain controller are replicated to all other domain controllers in the domain.
- The process of replicating changes in one master copy of the account database to all other master copies is called a multimaster operation .
- The process of generating unique relative identifiers is a single-master operation . One domain controller is assigned the role of relative identifier (RID) master , and it allocates a sequence of relative identifiers to each domain controller in the domain.
- When a new domain account or group is created in one domain controller's replica of Active Directory, it is assigned a SID, and the relative identifier for the new SID is taken from the domain controller's allocation of relative identifiers. When its supply of relative identifiers begins to run low, the domain controller asks the RID master for another block.

Comments

Post a Comment

Popular posts from this blog

Changes in Windows 2008 Active Directory

-
Active Directory Domain Services Active Directory Domain Services (AD DS), formerly known as Active Directory Directory Services, is the central location for configuration information, authentication requests, and information about all of the objects that are stored within your forest. Using Active Directory, you can efficiently manage users, computers, groups, printers, applications, and other directory-enabled objects from one secure, centralized location. Auditing.  Changes made to Active Directory objects can be recorded so that you know what was changed on the object, as well as the previous and current values for the changed attributes. Fine-Grained Passwords.  Password policies can be configured for distinct groups within the domain. No longer does every account have to use the same password policy within the domain. Read-Only Domain Controller.  A domain controller with a read-only version of the Active Directory database can be deployed in environments where the security of
Read more

Windows Server Support Interview Questions and Answers (L1)

-
IIS • Fault-tolerant process architecture----- The IIS 6.0 fault-tolerant process architecture isolates Web sites and applications into self-contained units called application pools • Health Monitoring---- IIS 6.0 periodically checks the status of an application pool with automatic restart on failure of the Web sites and applications within that application pool, increasing application availability. IIS 6.0 protects the server, and other applications, by automatically disabling Web sites and applications that fail too often within a short amount of time • Automatic Process Recycling--- IIS 6.0 automatically stops and restarts faulty Web sites and applications based on a flexible set of criteria, including CPU utilization and memory consumption, while queuing requests • Rapid-fail Protection---- If an application fails too often within a short amount of time, IIS 6.0 will automatically disable it and return a "503 Service Unavailable" error message to any new or queued re
Read more

How to Write a Letter Requesting Sponsorship

-
Write the letter in proper format. Start with the title of the person you are addressing, the address, and date. Begin with a description of the company (if it's a corporate letter) or state who you are (if it's for personal sponsorship) For example, So and So firm is a nonprofit organization committed to rehabilitation... whatever. State the event and the purpose in lucid terms. "We are holding a ---- event on ----- for raising money/making a video/whatever the reason." Request sponsorship by saying "We would be grateful if you helped in sponsoring our event...". Try to give a plan, for example do you want a banner? An announcement? If it's a banner or the sort you could quote sizes and prices. This makes it easier for companies to select a sponsorship plan instead of trying to figure out what exactly you want and how much. Give details. For example, how many people are attending? Who will be the Chief Guest/guests, whether your event will be
Read more