Frequently Asked Questions – Domains and SIDs

What is so special about the SID of the domain?

Once you decide to install Windows NT Server in a particular domain, you are committed to that domain. This is because of the domain's SID. Installing Windows NT Server creates an account database that contains the domain's SID. This SID is used for all accounts in the domain.

How do I change domain names?

You will need to reinstall Windows NT Server on the PDC and all BDCs. Because the domain's SID (rather than the domain's name) uniquely identifies the domain, the administrator can change the domain's name if the need arises. The new name is simply associated with the existing SID.

The PDC's domain name must be changed first. Then the domain name in all the other computers in the domain must be changed to the new domain name. The only way a machine can be separated from its domain's SID is through a reinstallation. This means that to change a domain's SID, the administrator must reinstall Windows NT Server.

Do all user SIDs change when the domain name changes?

No SIDs will change at all. Only the domain name changes.

Can users of the changed domain still access resources on other machines?

Yes, in the same domain. However, all existing trust relationships will be broken and will require reestablishment with the new domain name. As a result, all access rights associated with users from the trusted domain will also need to be reestablished.