Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Failed RidMaster
Hi
We got 3 domain controllers (2008 and 2008R2) where one hold all fsmo roles exept the Infrastructure Master.
If we create a new account in Active Directory we get the error "The direcotry service has exhausted the pool of relative identifiers". We get this error on all domain controllers
i ran dc diag and discoverd that the RID Manager role failed whit " The DS has corrupt data: rIDAvailablePool value is not valid"
i tried to seize the role, but it didn't need seizing.
i removed some old entries of long long long retired domain controllers
tried to setup new domain whit trust but again identifiers error on making a trust
any suggestions are welcome.
Thanks Robin
We got 3 domain controllers (2008 and 2008R2) where one hold all fsmo roles exept the Infrastructure Master.
If we create a new account in Active Directory we get the error "The direcotry service has exhausted the pool of relative identifiers". We get this error on all domain controllers
i ran dc diag and discoverd that the RID Manager role failed whit " The DS has corrupt data: rIDAvailablePool value is not valid"
i tried to seize the role, but it didn't need seizing.
i removed some old entries of long long long retired domain controllers
tried to setup new domain whit trust but again identifiers error on making a trust
any suggestions are welcome.
Thanks Robin
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
OK, this generally means that the RID Master role is not available. You need to run a DCDIAG to check out the health of your AD infrastructure. Run the following command from a command prompt:
** you should be in the enterprise admin group to execute this **
1. logon to one of the functioning DCs
2. open a command prompt
3. at the prompt, run: dcdiag /e /v > dcdiag.txt
This will save the output of the command into a file called dcdiag.txt.
While you are on the above server, I would run this command as well:
from the same command prompt, run: netdom query /domain:YourDomain.Name /fsmo
Posting the output of the 2 commands will help troubleshoot the issue.
Dan
** you should be in the enterprise admin group to execute this **
1. logon to one of the functioning DCs
2. open a command prompt
3. at the prompt, run: dcdiag /e /v > dcdiag.txt
This will save the output of the command into a file called dcdiag.txt.
While you are on the above server, I would run this command as well:
from the same command prompt, run: netdom query /domain:YourDomain.Name /fsmo
Posting the output of the 2 commands will help troubleshoot the issue.
Dan
Hi,
As per the error, it appears that the RID pool has excausted? to just verify whether you have enough RID pool, follow the steps;
In the command prompt;
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
It will give the following results;
* Available RID Pool for the Domain is 2100 to 1073741823
Once you confirmed that the DC has got enough RID pool's then apply this hotfix onto the server https://support.microsoft.com/en-us/kb/2618669
I hope this resolve the issue.
As per the error, it appears that the RID pool has excausted? to just verify whether you have enough RID pool, follow the steps;
In the command prompt;
Dcdiag.exe /TEST:RidManager /v | find /i "Available RID Pool for the Domain"
It will give the following results;
* Available RID Pool for the Domain is 2100 to 1073741823
Once you confirmed that the DC has got enough RID pool's then apply this hotfix onto the server https://support.microsoft.com/en-us/kb/2618669
I hope this resolve the issue.
Hi Dan
Thanks for your reply
i have attached the DCDIAG as requested.
below my fsmo query
C:\Users\Administrator>net
Schema master DC-01.ReplacedMyDomainName
Domain naming master DC-01.ReplacedMyDomainName
PDC DC-01.ReplacedMyDomainName
RID pool manager DC-01.ReplacedMyDomainName
Infrastructure master DC-02.ReplacedMyDomainName
Thanks
dcdiag.txt
Thanks for your reply
i have attached the DCDIAG as requested.
below my fsmo query
C:\Users\Administrator>net
Schema master DC-01.ReplacedMyDomainName
Domain naming master DC-01.ReplacedMyDomainName
PDC DC-01.ReplacedMyDomainName
RID pool manager DC-01.ReplacedMyDomainName
Infrastructure master DC-02.ReplacedMyDomainName
Thanks
dcdiag.txt
Hi hakrishnan
Your command does not give me any output..whitout the pipe i have:
Starting test: RidManager
The DS has corrupt data: rIDAvailablePool value is not valid
......................... DC-01 failed test RidManager
Your command does not give me any output..whitout the pipe i have:
Starting test: RidManager
The DS has corrupt data: rIDAvailablePool value is not valid
......................... DC-01 failed test RidManager
Did you applied the update and rebooted the server?. I think you are going to end up with demote and promote after seizing the role to different server.
Hi Radhakrishnan
No i did not apply the hotfix because i did not get confirmd i have enough RID pools
My RID Manager has corrupted data. So i guess i don't have pools at all.
You think the hotfix wil fix my data cause i can't get that verified from the KB?
No i did not apply the hotfix because i did not get confirmd i have enough RID pools
My RID Manager has corrupted data. So i guess i don't have pools at all.
You think the hotfix wil fix my data cause i can't get that verified from the KB?
You are getting the following events in your event log:
Event ID 16644 — RID Pool Request
** the event was in the dcdiag output. as the following:
*** This "EventID: 0x00004104" is "EventID 16644"
All 3 DCs are reporting a corrupt RID Pool value.
Unfortunately this is a fatal error. Here is the description of the issue from Microsoft:
link: https://technet.microsoft.com/en-us/library/cc756621(v=ws.10).aspx
Basically you need to build a new domain and migrate all devices over then decommission the old structure.
Dan
Event ID 16644 — RID Pool Request
** the event was in the dcdiag output. as the following:
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00004104
Time Generated: 06/11/2015 10:29:47
Event String:
The maximum domain account identifier value has been reached. No further account-identifier pools can be allocated to domain controllers in this domain.
......................... DC-03 failed test SystemLog
*** This "EventID: 0x00004104" is "EventID 16644"
All 3 DCs are reporting a corrupt RID Pool value.
The DS has corrupt data: rIDAvailablePool value is not valid
Unfortunately this is a fatal error. Here is the description of the issue from Microsoft:
link: https://technet.microsoft.com/en-us/library/cc756621(v=ws.10).aspx
Basically you need to build a new domain and migrate all devices over then decommission the old structure.
Dan
Hi,
The hotfix meant for preventing RID excausted and small RID related issues but this doesn't mentioned anything about "The DS has corrupt data: rIDAvailablePool value is not valid". This indicates that you have reached that stage and can't be useful here.
My suggestion would be log a support case with MS, i assume they may suggest something or ask you to create a new forest and migrate the data as I have seen it before and the MS solution was similar kind of that. I hope your issue won't go till that end. However, best approach would be MS.
Cheers
RK
The hotfix meant for preventing RID excausted and small RID related issues but this doesn't mentioned anything about "The DS has corrupt data: rIDAvailablePool value is not valid". This indicates that you have reached that stage and can't be useful here.
My suggestion would be log a support case with MS, i assume they may suggest something or ask you to create a new forest and migrate the data as I have seen it before and the MS solution was similar kind of that. I hope your issue won't go till that end. However, best approach would be MS.
Cheers
RK
The issue has been asked on EE before...
Link: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_24014918.html
Dan
Link: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_24014918.html
Dan
Unfortunately the resolution is straight up... You need to build a new Active Directory Forest and migrate everything over. This is what you will hear from Microsoft.
Unless you have a support contract with Microsoft, getting a response will be expensive.
Dan
Unless you have a support contract with Microsoft, getting a response will be expensive.
Dan
Hi Dan and Radhakrishnan
thanks for both of your help, i have came acrossed some of the links and suggestions you have posted. And the sollution what came out is the thing i was affraid of.
thing is i have tried to set up a new forrest and domain, but i'm not able to make a trust cause of this. Whit an running exchange inviorment on the old domain .... its pretty messed up.
any way.
If you have some good suggestions to migratie to new domain whitout a trust and migrate exchange to that domain its very welcome!
thanks for both of your help, i have came acrossed some of the links and suggestions you have posted. And the sollution what came out is the thing i was affraid of.
thing is i have tried to set up a new forrest and domain, but i'm not able to make a trust cause of this. Whit an running exchange inviorment on the old domain .... its pretty messed up.
any way.
If you have some good suggestions to migratie to new domain whitout a trust and migrate exchange to that domain its very welcome!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial