General discussion


Security Identifiers in NT 4.0

By mtkovach ·
Does anyone know the max. number of SIDS in NT 4.0? A new SID is created for each user/PDC/BDC some point they will run out. It may be a very long time and it may never happen to anyone, but it can happen.
Mike Kovach

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -


You can use the Getsid.exe command-line application included in the Windows NT Resource Kit to determine the SID for a specified user account. Getsid.exe is useful for troubleshooting user authentication problems. You can't, however, change the useraccount SID with Getsid.exe. Use the getsid command as follows:

getsid \\servername accountname \\servername accountname

getsid requires two account names because part of its function is to compare the SIDs of each to determine whether they'rethe same.

Collapse -

Link for Security ID information

Considering That A PDC can have 44,000 accounts the sid size should be close to that size per Server you install. I guess it would be based upon the type of doamin model you choose at your sight; Single, Master etc.! For additional information about the SAM size, see the following article in the Microsoft Knowledge Base:
Article I Q130**4
Title: "Number of Users and Groups Affects SAM Size of Domain" and this SID Detail Article below:

Collapse -

How SIDs are created

by anne.jan.elsinga In reply to Security Identifiers in N ...

[-- Cut from MSDN --]

A security identifier (SID) is a unique value of variable length used to identify a trustee. Each account has a unique SID issued by an authority, such as a Windows NT/Windows 2000 domain, and stored in a security database.
[-- End cut --]

According the snipet above I think this is not the case. The keyword in this is variable length. So when more SIDs are needed, more will be created.

Related Discussions

Related Forums