The directory service was unable to allocate a relative identifier

I took a complete backup (1st option, "Backup every thing in my computer") of my Active Directory server (Windows 2000), using 'NTBACKUP'.
In fact I have 2 AD servers (Windows 2000) in my production network. But all the 5 roles exist on the 1st AD server (which I took the backup of), and it is a 'Global catalog' server as well. In fact both servers are 'Global catalog' servers.
Now I'm trying to restore the 1st AD server onto a fresh OS installation. After installing Windows 2000, I have not configured any network settings or anything else.
Restart the server in 'Directory Services Restore Mode'.
Run the 'NTBACKUP' utility.
Drive the 'Restore Wizard'. Import the backup file (to be restored)
In the advanced options, the 1st option was 'How to Restore'. I selected the last option, 'Always replace the file on disk'.
In the next screen (regarding the security), I select the 1st check box (Restore security)
and the 3rd check box (Restore junction points, not the folders and file data they reference)

After the restore was completed, I restarted the machine.
Now I can logon as an administrator normally. I can create, delete and move OUs.
But when I try to create a user account, I got this error message

" Windows cannot create the object because the Directory Service was unable to allocate a relative identifier. "

I receive the following event message in the NT Directory Service (NTDS) event log:
Event 16650
MessageId=0x410A
SymbolicName=SAMMSG_RID_INIT_FAILURE
Language=English
The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 may retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.

That's all about it. Any idea what's going wrong in there?




adeelminhaj Asked:

oBdA Commented:
Those should help:
Error Message: The Account-Identifier Allocator Failed to Initialize Properly
http://support.microsoft.com/?kbid=248410

Error Message: "Windows Cannot Create the Object Because the Directory Service Was Unable to Allocate a Relative Identifier"
http://support.microsoft.com/?kbid=822053
0

Casca1 Commented:
Take a look here.

http://support.microsoft.com/default.aspx?scid=kb;EN-US;223787

You might be able to work around the issue and force the AD#2 into the FSMO role. I would delegate all 5 operations over to it, and then try to force replication. That might fix your problem.

I got the link from oBdA's first KB link, so I can't take credit! 8-)
0
adeelminhaj (Author) Commented:
oBda / Casca1 :

Thanks a lot for all those KB links; those were quite useful, but I've not found my scenario there.

Since I took it offline from the production network and put it in a temporary network, in such a scenario I now have only one AD server.

Now what should I do after the restoration to rectify the problem ?
0
Casca1 Commented:
I would attempt an authoritative restore.
0
adeelminhaj (Author) Commented:
Guys, as I've mentioned I've 2 AD servers in my production network. To restore the target server, I put it on a separate network (non-production), as recommended in Kbase documents.

So right after the restore, when I restart the server and try to create a new user account, it starts replication with its companion server to allocate a relative identifier; there it fails to replicate because it's not in the production network. I guess this was the root cause of my problem.

When I restored both the servers off the production network, it works fine.
0
Casca1 Commented:
Huh; The KB article says to restore OFFLINE??? Wild. Even though you have put it on a separate subnet, it is considered offline because it's not in the production environment. An authoritative restore is sorta like that... But only sorta.
0
adeelminhaj (Author) Commented:
Casca1 : don't be so emotional and have a look @ the KB documents.
0
Casca1 Commented:
Emotional? How about emphasis.
I did read the KB; Checked it again to verify I had read it correctly.
I reiterate: Wild.
0
Pauli311 Commented:
How come a pre-req of this site isn't a mastery of the English language? I find it very hard to communicate with people who start sentences off like "I took complete backup". Seriously.
0