I mistakenly deleted a user account and only that account has access to certain resources? Can I change another account's SID to the SID of the deleted account?
When an object (e.g., a user account) is created, the OS gives it an SID, which is stored in the objectSid attribute of the object. If you try to modify the attribute, even when running in the local system context, you receive the error message that Figure 1 shows.
Essentially, the SID is owned by the system, and a user can't change it to a particular value. The ability to do so would create a security vulnerability because changing the SID on an object could give it access rights that it shouldn't have.
If you have a system state backup, you can perform an authoritative restore of the deleted object, and the restored object will have its original SID. (For more information about authoritative restores, see the Webexclusive article "How can I perform an authoritative restoration of Active Directory (AD) in Windows Server 2003?" December 2003, InstantDoc ID 41170.
If no system state backup is available, and if the resource that you're trying to obtain access to is a file, an Administrator can take ownership of the file then set whatever permissions are needed. If the item is an AD object or a service that uses AD, the Administrator can use the ADSIedit tool (which is part of the Windows 2000 and later support tools) to take ownership, then set access permissions.
If you deleted the account within the last 60 days, it's not actually gone from AD. Deleted objects are marked with a tombstone prior to removal from the directory to allow replication of their deleted state throughout the enterprise. The Sysinternals Adrestore utility, which you can download at http://www.sysinternals.com, will restore the tombstoned objects.