Hi
We got 3 domain controllers (2008 and 2008R2) where one hold all fsmo roles exept the Infrastructure Master.
If we create a new account in Active Directory we get the error "The direcotry service has exhausted the pool of relative identifiers". We get this error on all domain controllers
i ran dc diag and discoverd that the RID Manager role failed whit " The DS has corrupt data: rIDAvailablePool value is not valid"
i tried to seize the role, but it didn't need seizing.
i removed some old entries of long long long retired domain controllers
tried to setup new domain whit trust but again identifiers error on making a trust
any suggestions are welcome.
Thanks Robin
Windows Server 2008Active Directory
Last Comment
HC-ICT
8/22/2022 - Mon
Dan McFadden
OK, this generally means that the RID Master role is not available. You need to run a DCDIAG to check out the health of your AD infrastructure. Run the following command from a command prompt:
** you should be in the enterprise admin group to execute this **
1. logon to one of the functioning DCs
2. open a command prompt
3. at the prompt, run: dcdiag /e /v > dcdiag.txt
This will save the output of the command into a file called dcdiag.txt.
While you are on the above server, I would run this command as well:
from the same command prompt, run: netdom query /domain:YourDomain.Name /fsmo
Posting the output of the 2 commands will help troubleshoot the issue.
Dan
Radhakrishnan
Hi,
As per the error, it appears that the RID pool has excausted? to just verify whether you have enough RID pool, follow the steps;
In the command prompt;
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
It will give the following results;
* Available RID Pool for the Domain is 2100 to 1073741823
Your command does not give me any output..whitout the pipe i have:
Starting test: RidManager
The DS has corrupt data: rIDAvailablePool value is not valid
......................... DC-01 failed test RidManager
Radhakrishnan
Did you applied the update and rebooted the server?. I think you are going to end up with demote and promote after seizing the role to different server.
HC-ICT
ASKER
Hi Radhakrishnan
No i did not apply the hotfix because i did not get confirmd i have enough RID pools
My RID Manager has corrupted data. So i guess i don't have pools at all.
You think the hotfix wil fix my data cause i can't get that verified from the KB?
Unfortunately the resolution is straight up... You need to build a new Active Directory Forest and migrate everything over. This is what you will hear from Microsoft.
Unless you have a support contract with Microsoft, getting a response will be expensive.
Dan
HC-ICT
ASKER
Hi Dan and Radhakrishnan
thanks for both of your help, i have came acrossed some of the links and suggestions you have posted. And the sollution what came out is the thing i was affraid of.
thing is i have tried to set up a new forrest and domain, but i'm not able to make a trust cause of this. Whit an running exchange inviorment on the old domain .... its pretty messed up.
any way.
If you have some good suggestions to migratie to new domain whitout a trust and migrate exchange to that domain its very welcome!
** you should be in the enterprise admin group to execute this **
1. logon to one of the functioning DCs
2. open a command prompt
3. at the prompt, run: dcdiag /e /v > dcdiag.txt
This will save the output of the command into a file called dcdiag.txt.
While you are on the above server, I would run this command as well:
from the same command prompt, run: netdom query /domain:YourDomain.Name /fsmo
Posting the output of the 2 commands will help troubleshoot the issue.
Dan