Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.
Failed RidMaster
Hi
We got 3 domain controllers (2008 and 2008R2) where one hold all fsmo roles exept the Infrastructure Master.
If we create a new account in Active Directory we get the error "The direcotry service has exhausted the pool of relative identifiers". We get this error on all domain controllers
i ran dc diag and discoverd that the RID Manager role failed whit " The DS has corrupt data: rIDAvailablePool value is not valid"
i tried to seize the role, but it didn't need seizing.
i removed some old entries of long long long retired domain controllers
tried to setup new domain whit trust but again identifiers error on making a trust
any suggestions are welcome.
Thanks Robin
We got 3 domain controllers (2008 and 2008R2) where one hold all fsmo roles exept the Infrastructure Master.
If we create a new account in Active Directory we get the error "The direcotry service has exhausted the pool of relative identifiers". We get this error on all domain controllers
i ran dc diag and discoverd that the RID Manager role failed whit " The DS has corrupt data: rIDAvailablePool value is not valid"
i tried to seize the role, but it didn't need seizing.
i removed some old entries of long long long retired domain controllers
tried to setup new domain whit trust but again identifiers error on making a trust
any suggestions are welcome.
Thanks Robin
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Hi,
As per the error, it appears that the RID pool has excausted? to just verify whether you have enough RID pool, follow the steps;
In the command prompt;
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
It will give the following results;
* Available RID Pool for the Domain is 2100 to 1073741823
Once you confirmed that the DC has got enough RID pool's then apply this hotfix onto the server https://support.microsoft.com/en-us/kb/2618669
I hope this resolve the issue.
As per the error, it appears that the RID pool has excausted? to just verify whether you have enough RID pool, follow the steps;
In the command prompt;
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
It will give the following results;
* Available RID Pool for the Domain is 2100 to 1073741823
Once you confirmed that the DC has got enough RID pool's then apply this hotfix onto the server https://support.microsoft.com/en-us/kb/2618669
I hope this resolve the issue.
Hi Dan
Thanks for your reply
i have attached the DCDIAG as requested.
below my fsmo query
C:\Users\Administrator>net
Schema master DC-01.ReplacedMyDomainName
Domain naming master DC-01.ReplacedMyDomainName
PDC DC-01.ReplacedMyDomainName
RID pool manager DC-01.ReplacedMyDomainName
Infrastructure master DC-02.ReplacedMyDomainName
Thanks
dcdiag.txt
Thanks for your reply
i have attached the DCDIAG as requested.
below my fsmo query
C:\Users\Administrator>net
Schema master DC-01.ReplacedMyDomainName
Domain naming master DC-01.ReplacedMyDomainName
PDC DC-01.ReplacedMyDomainName
RID pool manager DC-01.ReplacedMyDomainName
Infrastructure master DC-02.ReplacedMyDomainName
Thanks
dcdiag.txt
Hi hakrishnan
Your command does not give me any output..whitout the pipe i have:
Starting test: RidManager
The DS has corrupt data: rIDAvailablePool value is not valid
......................... DC-01 failed test RidManager
Your command does not give me any output..whitout the pipe i have:
Starting test: RidManager
The DS has corrupt data: rIDAvailablePool value is not valid
......................... DC-01 failed test RidManager
Did you applied the update and rebooted the server?. I think you are going to end up with demote and promote after seizing the role to different server.
Hi Radhakrishnan
No i did not apply the hotfix because i did not get confirmd i have enough RID pools
My RID Manager has corrupted data. So i guess i don't have pools at all.
You think the hotfix wil fix my data cause i can't get that verified from the KB?
No i did not apply the hotfix because i did not get confirmd i have enough RID pools
My RID Manager has corrupted data. So i guess i don't have pools at all.
You think the hotfix wil fix my data cause i can't get that verified from the KB?
You are getting the following events in your event log:
Event ID 16644 — RID Pool Request
** the event was in the dcdiag output. as the following:
*** This "EventID: 0x00004104" is "EventID 16644"
All 3 DCs are reporting a corrupt RID Pool value.
Unfortunately this is a fatal error. Here is the description of the issue from Microsoft:
link: https://technet.microsoft.com/en-us/library/cc756621(v=ws.10).aspx
Basically you need to build a new domain and migrate all devices over then decommission the old structure.
Dan
Event ID 16644 — RID Pool Request
** the event was in the dcdiag output. as the following:
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00004104
Time Generated: 06/11/2015 10:29:47
Event String:
The maximum domain account identifier value has been reached. No further account-identifier pools can be allocated to domain controllers in this domain.
......................... DC-03 failed test SystemLog
*** This "EventID: 0x00004104" is "EventID 16644"
All 3 DCs are reporting a corrupt RID Pool value.
The DS has corrupt data: rIDAvailablePool value is not valid
Unfortunately this is a fatal error. Here is the description of the issue from Microsoft:
link: https://technet.microsoft.com/en-us/library/cc756621(v=ws.10).aspx
Basically you need to build a new domain and migrate all devices over then decommission the old structure.
Dan
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Hi,
The hotfix meant for preventing RID excausted and small RID related issues but this doesn't mentioned anything about "The DS has corrupt data: rIDAvailablePool value is not valid". This indicates that you have reached that stage and can't be useful here.
My suggestion would be log a support case with MS, i assume they may suggest something or ask you to create a new forest and migrate the data as I have seen it before and the MS solution was similar kind of that. I hope your issue won't go till that end. However, best approach would be MS.
Cheers
RK
The hotfix meant for preventing RID excausted and small RID related issues but this doesn't mentioned anything about "The DS has corrupt data: rIDAvailablePool value is not valid". This indicates that you have reached that stage and can't be useful here.
My suggestion would be log a support case with MS, i assume they may suggest something or ask you to create a new forest and migrate the data as I have seen it before and the MS solution was similar kind of that. I hope your issue won't go till that end. However, best approach would be MS.
Cheers
RK
The issue has been asked on EE before...
Link: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_24014918.html
Dan
Link: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_24014918.html
Dan
Unfortunately the resolution is straight up... You need to build a new Active Directory Forest and migrate everything over. This is what you will hear from Microsoft.
Unless you have a support contract with Microsoft, getting a response will be expensive.
Dan
Unless you have a support contract with Microsoft, getting a response will be expensive.
Dan
Hi Dan and Radhakrishnan
thanks for both of your help, i have came acrossed some of the links and suggestions you have posted. And the sollution what came out is the thing i was affraid of.
thing is i have tried to set up a new forrest and domain, but i'm not able to make a trust cause of this. Whit an running exchange inviorment on the old domain .... its pretty messed up.
any way.
If you have some good suggestions to migratie to new domain whitout a trust and migrate exchange to that domain its very welcome!
thanks for both of your help, i have came acrossed some of the links and suggestions you have posted. And the sollution what came out is the thing i was affraid of.
thing is i have tried to set up a new forrest and domain, but i'm not able to make a trust cause of this. Whit an running exchange inviorment on the old domain .... its pretty messed up.
any way.
If you have some good suggestions to migratie to new domain whitout a trust and migrate exchange to that domain its very welcome!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with premium.
Start your 7-day free trial.
** you should be in the enterprise admin group to execute this **
1. logon to one of the functioning DCs
2. open a command prompt
3. at the prompt, run: dcdiag /e /v > dcdiag.txt
This will save the output of the command into a file called dcdiag.txt.
While you are on the above server, I would run this command as well:
from the same command prompt, run: netdom query /domain:YourDomain.Name /fsmo
Posting the output of the 2 commands will help troubleshoot the issue.
Dan