Find Clients with duplicate GUID and duplicate machine SID SCCM

Target: I noticed that some computers in SCCM could not install the SCCM client. Once it was installed on one device, another one dropped out of the inventory. The reason is that the SCCM GUID is based on the machine SID. Normally the SID should be unique – but some computers have been cloned without sysprep.

With the two scripts below you can find computers with a duplicate machine SID (first script) and create a new SCCM GUID for them (second script).

The following script exports the machine SIDs of multiple computers into a CSV file. Change the export path to suit your needs.

#detect clients with duplicate machine SID
#import file: CSV with a "comp" column header, one computer name per row
$comp = Import-Csv C:\users\xxxxx\Desktop\comp.txt

foreach ($computer in $comp.comp)
{
    #SID of the first local account = machine SID + "-" + RID
    $LocalAccountSID = Get-WmiObject -Query "SELECT SID FROM Win32_UserAccount WHERE LocalAccount = 'True'" -ComputerName $computer | Select-Object -First 1 -ExpandProperty SID

    #drop the trailing RID to get the machine SID
    $MachineSID = ($p = $LocalAccountSID -split "-")[0 .. ($p.Length - 2)] -join "-"

    #append "SID;computer" to the export file
    $MachineSID = $MachineSID + ";" + "$computer"
    $MachineSID >> c:\temp\sid.csv
    $MachineSID = $Null
}

 
The import file is a CSV file with the column header comp (the script reads $comp.comp), followed by one computer name per line. Enter the computer names where you need to check the machine SID.
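
To pick out the duplicates from the exported file, the following added example (not part of the original post) groups the SID;computer lines by machine SID and lists every SID that belongs to more than one computer. The function name Get-DuplicateMachineSid and the sample lines are constructed for illustration.

```powershell
# Added example (not from the original post): report machine SIDs shared by
# more than one computer. Get-DuplicateMachineSid is a hypothetical helper name.
function Get-DuplicateMachineSid {
    param([Parameter(Mandatory)] [string[]] $Lines)

    $rows = foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        # Export format is "<MachineSID>;<computer>", no header row
        $sid, $name = $line.Trim() -split ';', 2
        # If the WMI query failed, the SID part is empty or malformed. Skip the
        # row so unreachable hosts are not reported as duplicates of each other.
        if ($sid -notmatch '^S-1-5-21(-\d+){3}$' -or -not $name) {
            Write-Warning "No valid machine SID for '$name'"
            continue
        }
        [pscustomobject]@{ MachineSID = $sid; Computer = $name }
    }

    foreach ($group in ($rows | Group-Object MachineSID)) {
        # ">>" appends, so the same computer can appear twice after a re-run;
        # count distinct names only (Sort-Object -Unique ignores case).
        $names = @($group.Group.Computer | Sort-Object -Unique)
        if ($names.Count -gt 1) {
            [pscustomobject]@{
                MachineSID = $group.Name
                Computers  = $names -join ', '
            }
        }
    }
}

# Constructed sample lines in the export format (SIDs and names are made up)
$sample = @(
    'S-1-5-21-1111111111-2222222222-3333333333;PC001'
    'S-1-5-21-1111111111-2222222222-3333333333;PC002'
    'S-1-5-21-4444444444-5555555555-6666666666;PC003'
    'S-1-5-21-4444444444-5555555555-6666666666;PC003'
    '-;PC004'
)
Get-DuplicateMachineSid -Lines $sample | Format-Table -AutoSize

# Against the real export: Get-DuplicateMachineSid -Lines (Get-Content C:\temp\sid.csv)
```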

If you find computers with the same SID, you can change the SCCM GUID with the following script. There is no guarantee that this is supported.

$comp = Import-Csv c:\temp\computer.txt

#prompt for the account (domain\name) instead of storing the password in the script
$credential = Get-Credential

foreach ($computer in $comp.comp)
{
    #test if WinRM service is running
    $test = Test-WSMan -ComputerName $computer.ToString() -ErrorAction SilentlyContinue

    if ($null -ne $test)
    {
        #connection success
        Invoke-Command -ComputerName $computer.ToString() -Credential $credential -ScriptBlock {
            #stop smsagent host
            Stop-Service ccmexec -Force
            #remove config
            Remove-Item c:\windows\SMSCFG.ini -Force
            #remove sms certs
            Remove-Item -Path HKLM:\Software\Microsoft\SystemCertificates\SMS\Certificates\* -Force
            #delete certstore sms
            certutil -delstore SMS SMS
            #start smsagent host
            Start-Service ccmexec
        }
    }
    #connection failed
    else { Write-Warning "$computer cannot connect!" }
}

The import file is a CSV file with the column header comp (the script reads $comp.comp), followed by one computer name per line. Enter the computer names where you need to change the SCCM GUID.