Event 16650 - Unable to create user/computer accounts

utoxin
Some time ago, we rebuilt our domain controller. Formerly, it had the full Small Business Server suite on it, from ISA Server on up. During the rebuild, we moved the DHCP server, Firewall, Web Proxy, and DNS to a Linux box, since the box the Windows server was on sucked.

After we got everything back up and running, we discovered we were unable to create new users, or add new computers to the domain. This seems to be related to the error with Event ID 16650. I've tried everything I can find on the web about fixing this problem, but all to no avail.

I'm willing to supply almost any information except passwords to get this solved. It's becoming a critical issue as time goes on, and I am unable to solve it.

Thanks in advance for your help.

Commented:
Hello utoxin,
Check this out
http://www.experts-exchange.com/Operating_Systems/Q_20273427.html
-Is this your error ?

Author

Commented:
That is the error, but I went through all the answers to that question already, and couldn't find a fix.

Commented:
-Do domain management tools run on the DC ? (computer management, dns admin etc) ...
-Is it the first and only DC?
-Did you try to mess with the DC sid or ANYTHING ?


Author

Commented:
Yes, all the MMC tools still run.

It is the first, and is currently the only. It was working perfectly before the reinstall of Small Business Server.

Commented:
utoxin there must be more you can give than event id 16650.... Are there any other ERROR event IDs that may or may not be specifically related to domain user creation...
-In ADU&C do you see the DC ? If you right click the root of the hive does it show this server as pdc, infrastructure owner etc ?
-In DNS, is the primary zone AD integrated, do the 4 AD folders appear in the zone ?

Commented:
I got it... This occurs when the RID master is not available...
http://support.microsoft.com/default.aspx?scid=KB;en-us;q248410

Author

Commented:
There are no other error events logged that in any way relate to the issue. (Only common one is from the POP3 Connector, due to a bad password we haven't bothered to fix yet).

Yes, the Domain Controller shows up in the ADU&C. I don't know what you mean by root hive, but it shows up under the Domain Controllers folder.

Yes. I had thought DNS might be the issue, since we had moved it off of the Windows box, but today I added DNS back onto the Windows box, and got it reconfigured to integrate with AD, but it didn't change anything. The four folders show up, and everything looks the same as it did before the rebuild, as far as I can tell.

Author

Commented:
I've gone through that KB article, but it didn't help.

Commented:
utoxin the one and only article explains the source as the RID master not being available... Are you saying you know for a fact that this is not the case ?

-Open ADU&C.. right click on the domain name. from the context menu that appears choose "operations masters".. Does the RID tab show your server name as the owner ?
-Can you create ANY object in ADU&C ? If not your RID master is probably not working..

-Did you read the part about.....
 "To add either the "Enterprise Domain Controllers" or "Authenticated Users" group to the right "access this computer from the network", perform the following steps in Domain Controller Security Policy:"

-You may have to format & reinstall...

Author

Commented:
Yes, it's listed as the RID server. And no, I can't make any objects.

Yes, been through all the permissions stuff already.

*winces* I spent 16 hours straight on that box last time I had to FFR.

I'll go see if I can find anything about repairing the RID server. If not, I'll consider the possibility of having to reinstall.

Commented:
Hello utoxin,
-Give ntdsutil a try with a focus on seizing rid master to the same server..you never know, it might work out..
-Too Bad it is SBS, there may have been a couple of more options...
-http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/WINDOWS2000/techinfo/reskit/en-us/distrib/dsbl_fsm_CFYF.asp

-If you're forced to reinstall, I'd get a backup of the system state (Run "NTBACKUP" command) immediately after the AD wizard completes and before making any policy or other changes...

Author

Commented:
Right now, I'm trying the seemingly pointless process of backing up and then restoring straight back. Seems there was a problem in pre-SP3 where it would fubar the RID on a restore. I restored before I updated to SP3 after my last reinstall, so I just backed up the system state, and now I'm restoring it right back over itself.

Cross your fingers.

Author

Commented:
You gave me the needed clue! I didn't need to seize the RID Master Role, I needed to transfer it back to itself. Thanks a million!
utoxin

How did you transfer it back to itself? I am having the same problem but only have one server. Did you move it to another server and transfer it back?
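
One way to check the RID master and then transfer (rather than seize) the role to the same server, as discussed in this thread. This is an added example, not something any poster supplied, and the thread does not say which tool utoxin actually used. It assumes the Windows Support Tools (`netdom`, `dcdiag`) are installed on the DC; `SBS01` is a placeholder server name.

```bat
@echo off
rem Added example, not from the thread. SBS01 is a placeholder:
rem replace it with the name of your domain controller.
set DC=SBS01

rem 1. Show which server the directory records as the holder of each
rem    operations master role, including the RID pool manager.
netdom query fsmo

rem 2. Run only the RID manager test against that DC, verbose.
rem    The output shows whether the RID master can be located and
rem    what RID pool the DC currently holds.
dcdiag /s:%DC% /test:ridmanager /v

rem 3. Take a system state backup (NTBACKUP) by hand before changing
rem    any role, then press a key to continue.
pause

rem 4. Transfer the RID master role to %DC%. ntdsutil accepts its menu
rem    commands as arguments; commands containing spaces are quoted.
rem    ntdsutil asks for confirmation before performing the transfer.
ntdsutil roles connections "connect to server %DC%" quit "transfer rid master" quit quit

rem 5. Confirm the role holder and repeat the RID manager test.
netdom query fsmo
dcdiag /s:%DC% /test:ridmanager /v
```

After step 5, try creating a test user in ADU&C and check the event log for a new Event ID 16650.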
