AD object is not bound to a remote resource

R

Ronald Warner

We have two domain controllers. the first one has the
RID, PDC, GC and the second has the infrastructure,
schema, domain. anyway, it was working before the problem
surfaced.

On the second dc, we can't create users; groups can be
created. when we try to create users, the following error
message is displayed: "Windows cannot set the password for
<USER> because: The specified Active Directory object is
not bound to a remote resource."

We can create users on the first dc and it gets replicated
to the second.

Anyone know what this means?

Thanks.
 
M

Matjaz Ladava [MVP]

If you search this newsgroup for a post with subject "Re: Urgent help
required - not able to create new users in active directory" from Warren
Williams [MSFT] you will read, that this is maybe due to corrupted RID pool.
If you have two DC's in your AD, then you could de-dcpromo the one that is
causing you the problems and promote it again.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com
 
R

Ronald Warner

I have tried looking for the original post, but i truly
can't find it.

How was the RID pool corrupted? Are there ways to prevent
this from happening again?

Are there others ways of fixing this problems beside
demoting the DC to a member server?

I also have exchange installed on this DC. Will it affect
exchange if it is demoted.

I have so many questions. I hope someone can help me on
this. it has come to the point that if we use the
problematic DC to create users, it would delete an
existing user account since they are using the same SID's!

Thanks in advance.
-----Original Message-----
If you search this newsgroup for a post with subject "Re: Urgent help
required - not able to create new users in active directory" from Warren
Williams [MSFT] you will read, that this is maybe due to corrupted RID pool.
If you have two DC's in your AD, then you could de- dcpromo the one that is
causing you the problems and promote it again.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com

Ronald Warner said:
We have two domain controllers. the first one has the
RID, PDC, GC and the second has the infrastructure,
schema, domain. anyway, it was working before the problem
surfaced.

On the second dc, we can't create users; groups can be
created. when we try to create users, the following error
message is displayed: "Windows cannot set the password for
<USER> because: The specified Active Directory object is
not bound to a remote resource."

We can create users on the first dc and it gets replicated
to the second.

Anyone know what this means?

Thanks.
Click to expand...


.
Click to expand...
 
M

Matjaz Ladava [MVP]

You can de-dcpromo exchange server as long as there are other dc's on the
network. After restart, exchange server should pick-up another DC + GC
server.
Hete is a transcript from that post:
"I've found this error to be caused by an invalid RID pool on the DC that
you
are trying to create the user on. Is this your only DC? If not do you have
the problem on other DC's?

If the problem only happens on one DC and all others are OK then most likely
we have an out of date RID pool.

The only way I know of to invalidate a RID is to retore from backup or
demote the server. I'm looking to see if there is a tool that will do this.

--
Warren

This posting is provided "AS IS" with no warranties, and confers no rights"

End quote

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

Ronald Warner said:
I have tried looking for the original post, but i truly
can't find it.

How was the RID pool corrupted? Are there ways to prevent
this from happening again?

Are there others ways of fixing this problems beside
demoting the DC to a member server?

I also have exchange installed on this DC. Will it affect
exchange if it is demoted.

I have so many questions. I hope someone can help me on
this. it has come to the point that if we use the
problematic DC to create users, it would delete an
existing user account since they are using the same SID's!

Thanks in advance.
-----Original Message-----
If you search this newsgroup for a post with subject "Re: Urgent help
required - not able to create new users in active directory" from Warren
Williams [MSFT] you will read, that this is maybe due to corrupted RID pool.
If you have two DC's in your AD, then you could de- dcpromo the one that is
causing you the problems and promote it again.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), MVP
(e-mail address removed)
http://ladava.com

Ronald Warner said:
We have two domain controllers. the first one has the
RID, PDC, GC and the second has the infrastructure,
schema, domain. anyway, it was working before the problem
surfaced.

On the second dc, we can't create users; groups can be
created. when we try to create users, the following error
message is displayed: "Windows cannot set the password for
<USER> because: The specified Active Directory object is
not bound to a remote resource."

We can create users on the first dc and it gets replicated
to the second.

Anyone know what this means?

Thanks.
Click to expand...


.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Slow Logons and Can't open files 0
Cannot create the object because directory service was unable to allocate a relative identifier 10
Reboot 1st DC, everything hangs 2
unable to assign gc role to any dc 9
Remove a Domain Controller from AD 2
AD Disaster Scenario 4
Upgrading AD from Windows 2000 to Windows 2003 2
AD Replication issue 1

Top