Mike,
So there is no documented evidence?
Microsoft does not provide support for computers that have been installed by
duplicating fully installed copies of Windows - this is its unconditional
right, as I've said, but who cares? If someone can determine that the core
of her problems is a duplicate SID then this someone doesn't need Microsoft
support :)
Here is a theoretical case in which duplicate SIDs can be allocated in a domain
environment.
Each DC maintains a pool of relative IDs that is used to create SIDs. When
80% of the relative ID pool is consumed, the DC requests a new pool of
relative identifiers from the RID operations master. This ensures that the
same pool of relative IDs is never allocated to different DCs, and prevents
the allocation of duplicate SIDs. However, because it is possible (but rare)
for a duplicate relative ID pool to be allocated, you need to identify those
accounts that have been issued duplicate SIDs to prevent incorrect security
from being applied.
Duplicate relative ID pools can occur if the administrator seizes the RID
master role while the original relative ID master is operational but
temporarily disconnected from the network. In typical practice, after one
replication cycle, the RID master role is assumed by just one DC. However,
before the role ownership is resolved, two different DCs might each request
a new relative ID pool and be allocated the same relative ID pool.
This is the only particular situation in which an admin should use the
ntdsutil.exe tool to check for and clean up duplicate SIDs, if any exist.
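
The scenario described above, as an added example that is not part of the original message and is not Active Directory code: a simplified model of RID pool allocation that shows how a seized role produces identical pools, plus a duplicate-SID check. The domain SID, the pool size of 10, the starting RID of 1000 and all class and function names are constructed for illustration.

```python
from collections import defaultdict

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value
POOL_SIZE = 10  # constructed; kept small so the 80% threshold is easy to follow

class RidMaster:
    """Allocates consecutive RID pools from its own view of the next free RID."""
    def __init__(self, next_free):
        self.next_free = next_free

    def allocate_pool(self):
        start, self.next_free = self.next_free, self.next_free + POOL_SIZE
        return list(range(start, start + POOL_SIZE))

class DomainController:
    def __init__(self, name, master):
        self.name, self.master = name, master
        self.current, self.standby, self.used = master.allocate_pool(), None, 0

    def create_account(self, account):
        if self.used == len(self.current):  # current pool exhausted: switch pools
            self.current, self.standby, self.used = self.standby, None, 0
        rid = self.current[self.used]
        self.used += 1
        # At 80% consumption, request the next pool from the RID master this DC sees.
        if self.standby is None and self.used >= 0.8 * len(self.current):
            self.standby = self.master.allocate_pool()
        return account, f"{DOMAIN_SID}-{rid}"

def find_duplicate_sids(accounts):
    """Return {sid: [account names]} for every SID issued more than once."""
    by_sid = defaultdict(list)
    for name, sid in accounts:
        by_sid[sid].append(name)
    return {sid: names for sid, names in by_sid.items() if len(names) > 1}

def simulate(seize_while_original_is_alive):
    original = RidMaster(next_free=1000)
    dc1, dc2 = DomainController("DC1", original), DomainController("DC2", original)
    if seize_while_original_is_alive:
        # DC1 (old master) is cut off; the role is seized onto DC2, which starts
        # from the last replicated state, so both masters believe 1020 is free.
        dc2.master = RidMaster(next_free=original.next_free)
    accounts = [dc.create_account(f"{dc.name}-user{i}")
                for i in range(12) for dc in (dc1, dc2)]
    return find_duplicate_sids(accounts)

if __name__ == "__main__":
    print("single RID master:", simulate(False))
    print("role seized while original is alive:", simulate(True))
```

In the model the first ten accounts on each DC stay unique because their pools were issued before the seizure; only accounts created from the pools requested at the 80% mark collide.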