Darren_Fryer
asked on
RID Pool Exhausted and I can not add any new users or computers
Hi,
I am running several servers (6) with Win 2K. One is DC, One is TS and One is Exchange.
Yesterday I went to add a new user and the error I got was "The directory Service has exhausted the pool of relative identifiers" it is pretty close to that.
When this happens the Group Policy also goes offline. I can not access it. That lead me to believe that was the problem. I disabled the default policy and rebooted. No luck.
I found an MS article with the same error code and it said to increase the RID Block Size in registry. Did that and No Luck.
I scanned for Virus's all clean. Hard Drive Space is good. I then tried downloading DCDIAG and run it. I am on Windows 2000 SP4 and it gets the start point error. I am trying to work out why it wont run. I am certain it is a service pack issue.
I have also run up another DC for backup but when I try and connect it with Active Directory it gets the same error.
Does anynoe know how to fix this problem ?
I am running several servers (6) with Win 2K. One is DC, One is TS and One is Exchange.
Yesterday I went to add a new user and the error I got was "The directory Service has exhausted the pool of relative identifiers" it is pretty close to that.
When this happens the Group Policy also goes offline. I can not access it. That lead me to believe that was the problem. I disabled the default policy and rebooted. No luck.
I found an MS article with the same error code and it said to increase the RID Block Size in registry. Did that and No Luck.
I scanned for Virus's all clean. Hard Drive Space is good. I then tried downloading DCDIAG and run it. I am on Windows 2000 SP4 and it gets the start point error. I am trying to work out why it wont run. I am certain it is a service pack issue.
I have also run up another DC for backup but when I try and connect it with Active Directory it gets the same error.
Does anynoe know how to fix this problem ?
BTW: read that carefully.. you may end up rebuilding your DC.. What a hassle that will be, eh..?
and.. here is the link to seizing the RID master role...
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/sag_adSeizeRIDMaster.asp
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/sag_adSeizeRIDMaster.asp
ASKER
I have read the article. Is it suggesting running up a new DC and then seizing control or seizing control on the current DC I am having the problems on.
Have you performed this before and if so what was the result and scenario ?
Some other points. When I view the RID master properties it actually has the dns name of the dc in there. It only disappears when I try and add a user and get the 16645 error. After a while I can no longer access Active Directory either.
I have run up another DC as astandby and when I try and bring that onto the network I get the same error. So it looks like the only way out is a system state restore unless seizing control works.
Any other suggestions ?
Have you performed this before and if so what was the result and scenario ?
Some other points. When I view the RID master properties it actually has the dns name of the dc in there. It only disappears when I try and add a user and get the 16645 error. After a while I can no longer access Active Directory either.
I have run up another DC as astandby and when I try and bring that onto the network I get the same error. So it looks like the only way out is a system state restore unless seizing control works.
Any other suggestions ?
Good question.. No, I have never experienced this before, and that is the rub here... i understand what is happening, but can't tell you the results of trying to seize that role.. I am actually hoping another expert who has tried this will step in to comment...
That being said, I am glad you have a good backup of the sytem state..
That being said, I am glad you have a good backup of the sytem state..
ASKER
I had to promo an Existing Server(Template Server) as trying to add a new server resulted in the same RID error.
after promoing the template server I was only able to transfer RID control VIA the DCServer ( the server which first displayed the Problem) after transfering this FSMO i was able to add new users and computers succsefully from both domain controllers. However when transferring back the RID FSMO to the original DC Server the problem once again appeared however this time AD did not crash. I have once again made the template Server the RID Master. I am now able to ad a new BDC to the Domain.
Therfore I am now transferring all FSMO's to this new BDC and will be setting it to be the Global Catalog. Is it now as simple as demoting the existing DCSERVER then rebuilding it and bringing back online and transferring back the roles or can i just rename the BDC to the existing PDC's name??
Any and All coments appreciated!
after promoing the template server I was only able to transfer RID control VIA the DCServer ( the server which first displayed the Problem) after transfering this FSMO i was able to add new users and computers succsefully from both domain controllers. However when transferring back the RID FSMO to the original DC Server the problem once again appeared however this time AD did not crash. I have once again made the template Server the RID Master. I am now able to ad a new BDC to the Domain.
Therfore I am now transferring all FSMO's to this new BDC and will be setting it to be the Global Catalog. Is it now as simple as demoting the existing DCSERVER then rebuilding it and bringing back online and transferring back the roles or can i just rename the BDC to the existing PDC's name??
Any and All coments appreciated!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fatal,
We found a similar article and followed the same steps. All is well. I appreciate your help.
Interesting thing is it appears the Schema Master was damaged in some way. We have gracefully transferred all roles. The only thing left is to rebuild the original DC Server and transfer the roles back.
Again thanks for the help.
We found a similar article and followed the same steps. All is well. I appreciate your help.
Interesting thing is it appears the Schema Master was damaged in some way. We have gracefully transferred all roles. The only thing left is to rebuild the original DC Server and transfer the roles back.
Again thanks for the help.
Glad you got her fixed.. Sorry about the Schema Master, a real hassle..
Thanks..
FE
Thanks..
FE
http://www.microsoft.com/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/enterprise/proddocs/en-us/sag_ADrespondFSMOfailures.asp