Solved

The directory service was unable to allocate a relative identifier

Posted on 2003-11-11
Last Modified: 2010-09-09
I took complete backup (1st option "Backup every thing in my computer") of my Active Directory Server (Windows 2000), using 'NTBACKUP'.
In fact I've 2 AD servers (Windows 2000) in my production network. But all the 5 roles exist in the 1st AD server (which I took the backup for) and it is a 'Global catalog' server as well. In fact both the servers are 'Global catalog' servers.
Now I'm trying to restore the 1st AD server with a fresh OS installation. After installing Windows 2000, I've not configured any network settings or any other thing.
Restart the server in 'Directory Services Restore Mode'.
Run the 'NTBACKUP' utility.
Drive the 'Restore Wizard'. Import the backup file (to be restored).
In the advanced options, 1st option was 'How to Restore'. I select the last option 'Always replace the file on disk'.
In the next screen (regarding the security), I select the 1st check box (Restore security)
and the 3rd check box (Restore junction points, not the folders and file data they reference)

After the restore was completed, I've restarted the machine.
Now I can log on as an administrator normally. I can create, delete and move OUs.
But when I try to create a user account, I got this error message

" Windows cannot create the object because the Directory Service was unable to allocate a relative identifier. "

I receive the following event message in the NT Directory Service (NTDS) event log:
Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 may retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.

That's all about it. Any idea what's going wrong in there?

Question by:adeelminhaj
12 Comments
 
LVL 84

Accepted Solution

by:
oBdA earned 125 total points
ID: 9729568
Those should help:
Error Message: The Account-Identifier Allocator Failed to Initialize Properly
http://support.microsoft.com/?kbid=248410

Error Message: "Windows Cannot Create the Object Because the Directory Service Was Unable to Allocate a Relative Identifier"
http://support.microsoft.com/?kbid=822053
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9731871
Take a look here.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787

You might be able to work around the issue and force the AD#2 into the FSMO role. I would delegate all 5 operations over to it, and then try to force replication. That might fix your problem.

I got the link from oBdA's first KB link, so I can't take credit! 8-)
0
 

Author Comment

by:adeelminhaj
ID: 9736759
oBda / Casca1 :

Thanks a lot for all those KB links, those were quite useful but I've not found my scenario there.

Since I took it off-line from production network and put it in a temporary network, in such a scenario now I've only one AD server.

Now what should I do after the restoration to rectify the problem ?
0

 
LVL 6

Expert Comment

by:Casca1
ID: 9736867
I would attempt an authoritative restore.
0
 

Author Comment

by:adeelminhaj
ID: 9894787
Guys, as I've mentioned I've 2 AD servers in my production network. To restore the target server, I put it on a separate network (non-production), as recommended in Kbase documents.

So right after the restore, when I restart the server and try to create a new user account, it starts replication with its companion server to allocate a relative identifier, there it fails to replicate because it's not in the production network. I guess this was the root cause of my problem.

When I restored both the servers off the production network, it works fine.
0
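
The state described in the comment above (a restored domain controller that cannot obtain relative identifiers) can be confirmed by running `dcdiag /test:ridmanager /v` on the DC and reading its output. The following is an added example, not part of the original thread: it parses that output and reports why account creation would be denied. The sample text is constructed, the host names are placeholders, and the function names and the `low_water` threshold are hypothetical.

```python
import re

# Constructed sample output modelled on `dcdiag /test:ridmanager /v`;
# host and domain names are placeholders, not values from the thread.
HEALTHY = """\
      Starting test: RidManager
         * Available RID Pool for the Domain is 1603 to 1073741823
         * dc1.example.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1103 to 1602
         * rIDPreviousAllocationPool is 1103 to 1602
         * rIDNextRID: 1110
         ......................... DC1 passed test RidManager
"""

# Constructed: a DC restored on an isolated network, test not passing.
ISOLATED = """\
      Starting test: RidManager
         ......................... DC1 failed test RidManager
"""

def parse_rid_manager(text):
    """Pull the RID master, bind status, local pool and verdict out of the output."""
    master = re.search(r"^\s*\*\s*(\S+) is the RID Master", text, re.M)
    pool = re.search(r"rIDAllocationPool is (\d+) to (\d+)", text)
    nxt = re.search(r"rIDNextRID:\s*(\d+)", text)
    return {
        "rid_master": master.group(1) if master else None,
        "bind_ok": "DsBind with RID Master was successful" in text,
        "pool": (int(pool.group(1)), int(pool.group(2))) if pool else None,
        "next_rid": int(nxt.group(1)) if nxt else None,
        "passed": "passed test RidManager" in text,
    }

def assess(text, low_water=50):
    """Return (parsed info, list of problems); low_water is an assumed threshold."""
    info = parse_rid_manager(text)
    problems = []
    if not info["passed"]:
        problems.append("RidManager test did not pass")
    if not info["bind_ok"]:
        problems.append("no successful bind to the RID master")
    if info["pool"] is None or info["next_rid"] is None:
        problems.append("no local RID pool reported; new accounts cannot get a RID")
    else:
        remaining = info["pool"][1] - info["next_rid"]
        if remaining < low_water:
            problems.append(f"only {remaining} RIDs left in the local pool")
    return info, problems
```

Feed `assess()` the text captured from `dcdiag` on the restored DC; an empty problem list means the DC has a usable local RID pool and reached its RID master.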
 
LVL 6

Expert Comment

by:Casca1
ID: 9896746
Huh; The KB article says to restore OFFLINE??? wild. Even though you have put it on a separate subnet, it is considered offline because it's not in the production environment. An authoritative restore is sorta like that... But only sorta.
0
 

Author Comment

by:adeelminhaj
ID: 9901610
Casca1 : don't be so emotional and have a look @ the KB documents.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9902176
Emotional? How about emphasis.
I did read the KB; Checked it again to verify I had read it correctly.
I re-iterate: Wild.
0
 

Expert Comment

by:Pauli311
ID: 33642494
How come a pre-req of this site isn't a mastery of the English language? I find it very hard to communicate with people who start sentences off like "I took complete backup". Seriously.
0
