AD Restore Failure - RID Master Issues

DougM

We have a very simple Windows 2000 single domain Active Directory with
only two domain controllers. We wanted to test our disaster recovery
plans so we attempted to restore the PDC to a test box (same model
server) and so far we have been unable to get it fully functioning
after being restored. Initially we thought it may have been related to
the Disaster Recovery Option being used with our backup software but
we get the same results using NT Backup. An Authoritative restore of
the System State was performed in each case.

Basically we are unable to create new accounts or edit existing
accounts in Active Directory Users and Computers - "The directory
service was unable to allocate a relative identifier".

The main problem is event ID: 16650, Source: SAM,
Description:
The account-identifier allocator failed to initialize properly. The
record data contains the NT error code that caused the failure.
Windows 2000 may retry the initialization until it succeeds; until
that time, account creation will be denied on this Domain Controller.
Please look for other SAM event logs that may indicate the exact
reason for the failure.

Running "netdom query FSMO" indicates that the server believes it
holds the RID Master role. NTDSUTIL also reports that the server holds
the RID Master role when you try to seize the role and the appropriate
groups have permission to "access this computer from the network" (I
have been through Microsoft Knowledge Base Article - 248410).

Running "dcdiag /v" returns the following information in relation to
the RID Manager:

Starting test: RidManager
* Available RID Pool for the Domain is 5099 to 1073741823
* nt7.company.com.au is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3599 to 4098
* rIDNextRID: 0
The DS has corrupt data: rIDPreviousAllocationPool value is not valid
* rIDPreviousAllocationPool is 0 to 0
No rids allocated -- please check eventlog.
.......................... NT7 failed test RidManager

Given that the problem occurs with two different methods of
restoration from tape (ArcServe and NTBackup), I can only assume that
there is some problem on the original NT7 server with its Active
Directory structure?

Can anybody assist?

Thanks in advance,
Doug.
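
A check for the dcdiag RidManager output quoted above, as an added example that is not part of the original thread: it parses the section and lists what makes the test fail, so it can serve as a pass/fail gate at the end of a DR restore test. The function name, the finding texts and the passing sample are assumptions made for this example.

```python
import re

# dcdiag /v RidManager section quoted in the post above (restored DC NT7).
FAILED = """\
Starting test: RidManager
* Available RID Pool for the Domain is 5099 to 1073741823
* nt7.company.com.au is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3599 to 4098
* rIDNextRID: 0
The DS has corrupt data: rIDPreviousAllocationPool value is not valid
* rIDPreviousAllocationPool is 0 to 0
No rids allocated -- please check eventlog.
.......................... NT7 failed test RidManager
"""

# Constructed sample of a passing run (host name and numbers are made up).
HEALTHY = """\
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* dc1.example.test is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1110
.......................... DC1 passed test RidManager
"""

RANGE = re.compile(r"^\* (Available RID Pool for the Domain|rID\w+Pool) is (\d+) to (\d+)$")
NEXT = re.compile(r"^\* rIDNextRID: (\d+)$")
VERDICT = re.compile(r"^\.+ (\S+) (passed|failed) test RidManager$")


def check_rid_manager(text):
    """Parse one RidManager section; return (fields, findings)."""
    fields, findings = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if m := RANGE.match(line):
            fields[m[1]] = (int(m[2]), int(m[3]))
        elif m := NEXT.match(line):
            fields["rIDNextRID"] = int(m[1])
        elif m := VERDICT.match(line):
            fields["dc"], fields["verdict"] = m[1], m[2]
        elif line and not line.startswith(("*", "Starting test")):
            findings.append("dcdiag: " + line)  # error text dcdiag printed itself
    if fields.get("rIDPreviousAllocationPool", (0, 0)) == (0, 0):
        findings.append("rIDPreviousAllocationPool missing or 0 to 0")
    if fields.get("verdict") != "passed":
        findings.append("RidManager test did not pass")
    return fields, findings
```

An empty findings list means the section parsed cleanly and dcdiag reported a pass; any entry is a reason to stop the DR test and look at the SAM events.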
 
DougM

Jimmy, thanks for the reply, it was right on the money. Being a DR
test, I wasn't able to restore the original replica partner (due to a
lack of resources) but removing all references to that server solved
the problem. At least we now know that in the case of a real DR we
need to bring both servers back in order for AD to function normally
(which one might assume we'd do anyway) - we know why our test DR was
failing.

By Configuration and DNS I assumed that you meant Active Directory
Users & Computers, Active Directory Sites & Services and DNS. I
removed all references to the replica partner in those tools and
combined with the repadmin command below, the RID Master initialised
properly on reboot.

Thanks again,
Doug.

Jimmy Harper said:
Hi Doug. I believe you are seeing this problem because the DC must
replicate with another DC before bringing the RID Master role online. You
should be able to resolve this by either restoring another DC for it to
replicate with, or by deleting all of the replica links. To delete the
replica links, use the following command:

repadmin /delete CN=Schema,CN=Configuration,DC=domainname,DC=com <restored server name> <guid-based-dns-name of replica partner> /localonly

(do the same thing for the Configuration and Domain naming context as well)

You can get the guid based dns name of the replica partners by running
repadmin /showreps /v.

Jimmy Harper [MSFT]
Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights


