Check the uniqueness of a Windows computer SID

1. Introduction

It is important in an Active Directory context and to maintain Microsoft support to deploy client workstations and servers with unique SIDs (with SYSPREP tool in the case of cloning).

There are two cases of SID:

  • AD servers have a common SID which is the domain SID
  • Servers that are members of an AD or that are in Workgroup have their own SID

To read this SID, it is simple to use a VBS script and WMI access.

An example script is shown below. It works on AD servers and non-AD servers.

2. Sample VBS script

Link to download the script (to rename to .vbs):


strComputer = “.”
Set objWMIService = GetObject(“winmgmts:\” & strComputer & “\root\CIMV2”)
isADInstalled = FALSE
Set objOutParams = objWMIService.ExecQuery(“SELECT * from Win32_Service”)
For Each objSvc in objOutParams
Select Case objSvc.Name
Case “NTDS”
isADInstalled = TRUE
End Select

Set oShell = CreateObject( “WScript.Shell” )
strComputer = oShell.ExpandEnvironmentStrings(“%COMPUTERNAME%”)
If isADInstalled = True then
strDomain = oShell.ExpandEnvironmentStrings(“%USERDOMAIN%”)
strDomain = strComputer
End if

Set objWMIService = GetObject(“winmgmts:\” & strComputer & “\root\cimv2”)
Set colAccounts = objWMIService.ExecQuery(“Select * From Win32_UserAccount Where Domain = ‘” & StrDomain & “‘”)
For Each objAccount in colAccounts
If Left (objAccount.SID, 6) = “S-1-5-” and Right(objAccount.SID, 4) = “-500” Then
WScript.Echo “Computer Name: ” & strComputer
If strDomain <> strComputer then WScript.Echo “Domain Name: ” & strDomain
WScript.Echo “Computer SID: ” & Left(objAccount.SID, Len(objAccount.SID) – 4)
End If


To run this script, you need to open a command line as administrator and run it with the script.exe program.

Example on a Windows 2019 machine which is a Domain Controler:

Example on a Windows 2019 machine that is not an AD server: