Solved

The directory service was unable to allocate a relative identifier

Posted on 2003-11-11
Last Modified: 2010-09-09
I took complete backup (1st option "Backup everything in my computer") of my Active Directory server (Windows 2000), using 'NTBACKUP'.
In fact I've 2 AD servers (Windows 2000) in my production network. But all the 5 roles exist in the 1st AD server (which I took the backup for) and it is a 'Global catalog' server as well. In fact both the servers are 'Global catalog' servers.
Now I'm trying to restore the 1st AD server with a fresh OS installation. After installing Windows 2000, I've not configured any network settings or any other thing.
Restart the server in 'Directory Services Restore Mode'.
Run the 'NTBACKUP' utility.
Drive the 'Restore Wizard'. Import the backup file (to be restored)
In the advanced options, 1st option was 'How to Restore'. I select the last option 'Always replace the file on disk'.
In the next screen (regarding the security), I select the 1st check box (Restore security)
and the 3rd check box (Restore junction points, not the folders and file data they reference)

After the restore was completed, I've restarted the machine.
Now I can logon as an administrator normally. I can create, delete and move OUs.
But when I try to create a user account, I got this error message

" Windows cannot create the object because the Directory Service was unable to allocate a relative identifier. "

I receive the following event message in the NT Directory Service (NTDS) event log:
Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 may retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.

That's all about it. Any idea what's going wrong in there?




0
Question by:adeelminhaj
12 Comments
 
LVL 82

Accepted Solution

by:
oBdA earned 125 total points
ID: 9729568
Those should help:
Error Message: The Account-Identifier Allocator Failed to Initialize Properly
http://support.microsoft.com/?kbid=248410

Error Message: "Windows Cannot Create the Object Because the Directory Service Was Unable to Allocate a Relative Identifier"
http://support.microsoft.com/?kbid=822053
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9731871
Take a look here.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787

You might be able to work around the issue and force the AD#2 into the FSMO role. I would delegate all 5 operations over to it, and then try to force replication. That might fix your problem.

I got the link from oBdA's first KB link, so I can't take credit! 8-)
0
 

Author Comment

by:adeelminhaj
ID: 9736759
oBdA / Casca1:

Thanks a lot for all those KB links, those were quite useful but I've not found my scenario there.

Since I took it off-line from production network and put it in a temporary network, in such a scenario now I've only one AD server.

Now what should I do after the restoration to rectify the problem?
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9736867
I would attempt an authoritative restore.
0

 

Author Comment

by:adeelminhaj
ID: 9894787
Guys, as I've mentioned I've 2 AD servers in my production network. To restore the target server, I put it on a separate network (non-production), as recommended in Kbase documents.

So right after the restore, when I restart the server and try to create a new user account, it starts replication with its companion server to allocate a relative identifier, there it fails to replicate because it's not in the production network. I guess this was the root cause of my problem.

When I restored both the servers off the production network, it works fine.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9896746
Huh; The KB article says to restore OFFLINE??? Wild. Even though you have put it on a separate subnet, it is considered offline because it's not in the production environment. An authoritative restore is sorta like that... But only sorta.
0
 

Author Comment

by:adeelminhaj
ID: 9901610
Casca1 : don't be so emotional and have a look @ the KB documents.
0
 
LVL 6

Expert Comment

by:Casca1
ID: 9902176
Emotional? How about emphasis.
I did read the KB; Checked it again to verify I had read it correctly.
I reiterate: Wild.
0
 

Expert Comment

by:Pauli311
ID: 33642494
How come a pre-req of this site isn't a mastery of the English language? I find it very hard to communicate with people who start sentences off like "I took complete backup". Seriously.
0
