Diagnosing login problems using the new DDGetSID CLI tool

The new DDGetSID CLI tool is a command-line interface app developed to help you diagnose Windows client Active Directory login.

You can download the tool from here.

Parameter

Command

empty

Prints the SID for current user. This SID can be used to setup the Domain SID for a company, read the article here.

-p

Prints Active Directory user information.

-d

Prints Active Directory diagnosis information. Use this command to print out custom SIDs and the original SID.

-h

Prints usage help.

-g

Generates a random SID.

-g -s

Generates a random SID and set it to registry.

Administrator permission required.

Setup a custom domain SID (Advanced)

In some rare cases, you may have multiple companies using the same domain SID. This means contacts could be created under the wrong companies.

DD Portal for windows supports custom domain SID's from version 1.84.0.

The custom domain SID can be setup in two ways: Windows Registry or custom Active Directory attribute.

Windows Registry

All PC's in the company will need to be setup with this registry key.

1. Create a string value DeskDirectorSID under:

HKEY_LOCAL_MACHINE\SOFTWARE\DeskDirectorPortal

for 32-bit device, or

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DeskDirectorPortal

for 64-bit device.

2. Set the value to a unique SID.

You can generate a random SID with the DDGetSid-CLI tool.

Custom Active Directory attribute

1. Create a Unicode string attribute named deskDirectorSID or deskDirectorGUID in Active Directory Schema.

2. Associate the attribute to the domain class in the property dialogue.

3. Restart the Active Directory Domain Services.

4. Generate a SID and set it to the custom attribute.

5. Verify the custom domain SID is being used in the CLI tool.

References

How to Create a Custom Attribute in Active Directory

Generate an unique X500 Object ID for AD custom attribute


How did we do?