Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Error when creating user acount

Posted on 2016-09-01
8
Medium Priority
?
100 Views
Last Modified: 2016-09-15
Hi Guys

we have 2 domain controllers, which gave us some issues, mainly replication. Because team did a snapshot restore of month old and the other dc was not restored too at same time so this kinda messed up the server!

So we have turned off replication for now and working just off one server which hosts all the 5 FSMO roles and always did.

But one issue we having is when we create a user account we get below error

Windows cannot create the object because the Directory Service was unable to allocate a relative identifier.

even though that DC is the RID master.

any ideas what i can do? its a live dc and the only one so cant afford to do much changes and restart unless out of hours.
0
Comment
Question by:Sundeep V
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 

Author Comment

by:Sundeep V
ID: 41779556
Please find attached dcdiag tests
DC1.txt
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41780160
The problem seems to be the unary role "RID Master" is hosted by the sole DC thats operational, but that DC does not consider it valid.  See this portion of the error in the DCDiag output:

This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.

            Operations which require contacting a FSMO operation master will fail until this condition is corrected.

            FSMO Role: CN=RID Manager$,CN=System,DC=group,DC=dc,DC=eu

            User Action:

            1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.

            2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors.  Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.

            3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.

I would try siezing the roles again for starters.  Also, it would be wise to completely power down the other server so clients arent using it
0
 

Author Comment

by:Sundeep V
ID: 41780165
Do i need to seize all roles or just the RID one? also any site with documentation on how to perform them role seizure?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 6

Accepted Solution

by:
sAMAccountName earned 2000 total points
ID: 41780203
Sieze them all.  There is no sense in keeping them on the other server - you should be working toward abandoning it and rebuilding it anew.

Powershell for this is here:  (borrowed from technet for simplicity Move FSMO roles )

Move-ADDirectoryServerOperationMasterRole -Identity "DC1" -OperationMasterRole SchemaMaster,RIDMaster,InfrastructureMaster,DomainNamingMaster,PDCEmulator -Force

Open in new window

0
 

Author Comment

by:Sundeep V
ID: 41781363
When you say other server, the server i am talking about already houses all the FSMO roles, its not on the other server and never was. Thats whats bugging me. Do i still need to seize all as above?
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41788516
Yes.  Go through the process of siezing them again.  if it fails, it will harm nothing but if it succeeds, you may fix a major part of the problem.
0
 

Author Comment

by:Sundeep V
ID: 41789176
great thanks did that and it worked, but created another problem so will create another question for that
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41799956
Can you link the other question?  Im curious...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question