Event 16650 - Unable to create user/computer accounts

Some time ago, we rebuilt our domain controller. Formerly, it had the full Small Business Server suite on it, from ISA Server on up. During the rebuild, we moved the DHCP server, Firewall, Web Proxy, and DNS to a linux box, since the box the windows server was on sucked.

After we got everything back up and running, we discovered we were unable to create new users, or add new computers to the domain. This seems to be related to the error with Event ID 16650. I've tried everything I can find on the web about fixing this problem, but all to no avail.

I'm willing to supply almost any information except passwords to get this solved. It's becoming a critical issue as time goes on, and I am unable to solve it.

Thanks in advance for your help.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello utoxin,
Check this out
-Is this your error ?
utoxinAuthor Commented:
That is the error, but I went through all the answers to that question already, and couldn't find a fix.
-Do domain management toos run on the DC ? (computer management, dns admin etc) ...
-Is it the first and only DC?
-Did you try to mess with the DC sid or ANYTHING ?

5 Ways Acronis Skyrockets Your Data Protection

Risks to data security are risks to business continuity. Businesses need to know what these risks look like – and where they can turn for help.
Check our newest E-Book and learn how you can differentiate your data protection business with advanced cloud solutions Acronis delivers

utoxinAuthor Commented:
Yes, all the MMC tools still run.

It is the first, and is currently the only. It was working perfectly before the reinstall of Small Business Server.
utoxin there must be more you can give than event id 16650.... Are there any other ERRROR event ID's that may or may not be specifically replated to domain user creation...
-In ADU&C do you see the DC ? If you right click the root of the hive does it shoe this server as pdc, infrastucture owner etc ?
-In DNS, is the primaary zone AD intergrated, do the 4 AD folders appear in the zone ?
I got it... This occures when the RID master is not available...
utoxinAuthor Commented:
There are no other error events logged that in any way relate to the issue. (Only common one is from the POP3 Connector, due to a bad password we haven't bothered to fix yet).

Yes, the Domain Controller shows up in the ADU&C. I don't know what you mean by root hive, but it shows up under the Domain Controllers folder.

Yes. I had thought DNS might be the issue, since we had moved it off of the windows box, but today I added DNS back onto the windows box, and got it reconfigured to integrate with AD, but it didn't change anything. The four folders show up, and everything looks the same as it did before the rebuild, as far as I can tell.
utoxinAuthor Commented:
I've gone through that KB article, but it didn't help.
utoxin the one any only article explails the source as the RID master not being available... Are you saying you know for a fact that this not the case ?

-Open ADU&C.. right click on the domain name. from the context menu that appears choose "operations masters".. Does the RID tab show your server name as the owner ?
-Can you create ANY object in ADU&C ? If not your RID master is probably not working..

-Did you read the part about.....
 "To add either the "Enterprise Domain Controllers" or "Authenticated Users" group to the right "access this computer from the network", perform the following steps in Domain Controller Security Policy:"

-You may have to format & reinstall...
utoxinAuthor Commented:
Yes, it's listed as the RID server. And no, I can't make any objects.

Yes, been through all the permissions stuff already.

*winces* I spent 16 hours straight on that box last time I had to FFR.

I'll go see if I can find anything about repairing the RID server. If not, I'll consider the possibility of having to reinstall.
Hello utoxin,
-Give ntdsutil a try with a focus on seizing rid master to the same server..you never know, it might workout..
-Too Bad it is SBS, there may have been a couple of more options...

-If you're forced to reinstall, I'd get a backup of the system state (Run "NTBACKUP" command) immediately after the AD wizard completes and before making any policy or other changes...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
utoxinAuthor Commented:
Right now, I'm trying the seemingly pointless process of backing up and then restoring straight back. Seems there was a problem in pre-SP3 where it would fubar the RID on a restore. I restored before I updated to SP3 after my last reinstall, so I just backed up the system state, and now I'm restoring it right back over itself.

Cross your fingers.
utoxinAuthor Commented:
You gave me the needed clue! I didn't need to seize the RID Master Role, I needed to transfer it back to itself. Thanks a million!

how did you transfer it back to itself, I am having the same problem but only have one server. Did you move it to another server and transfer it back?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.