R
Ronan Condon
Hi there,
We have a active directory network with 2 DCs, one being a child. We
are doing a disaster recovery test where we restore our tape to
different machine, not on our network, its just plugged into hub as it
has same Name/IP as PDC. It reinstalled all hardware etc and all
seemed fine but no matter what, we cannot get rid of that error "the
directory service was unable to allocate a relative identifier". Now,
we did have a second controller on the network, but this machine we
were restoring was the main DC and according to itself and the other
one it holds ALL the FSMO roles. Ive been reading up on it as Im far
from an expert on the Active Dir, we think the error is related to the
fact that we have the DC restored onto a different network, i.e. its
plugged into the hub and cannot see our second controller, but if all
the roles are on the main DC, it shouldnt need it at all? One thing I
was reading said that it will always void its RID pool and request a
new one on restore, but surely theres a way to say to the DC "this is
the primary data". Thought an arcserve authoritative restore would do
the trick but it didnt.
One thing I tried. I noticed was that on both our servers, in
(Administrative Tools -> Active Directory Users and Computers ->
Domain Controllers) on the properties of each controller it had "Trust
Computer for Delegation" ticked. So I unticked it for both, ran
another backup, restored that to the disaster machine, and STILL
getting the error. My basis for doing that was to try and break the
trust and make the DC independent, i.e. when it came up after the
restore it wouldnt send out any requests for RIDs, because it regarded
ITSELF as the only "authority" for the roles.
This really has us stumped now, and its a two-fold problem for us, the
current Domain Controller was built as a temporary server during a
migration from NT to 2K, the new server is sitting there now empty and
we really didnt want to migrate the entire network again (200+ users).
We were hoping to do a restore from the backup and we'd have our new
PDC up and running.
I have a theory that if we DID just do what we have been doing but
allowed the PDC onto the network to talk to the second DC it would all
resolve itself, but we obviously dont want to take a chance on a live
system. The temporary server is a bad machine and has taken a liking
to random reboots etc so this is a big deal for us to get this problem
sorted. If anyone has any ideas, it would be appreciated.
Ro.
We have a active directory network with 2 DCs, one being a child. We
are doing a disaster recovery test where we restore our tape to
different machine, not on our network, its just plugged into hub as it
has same Name/IP as PDC. It reinstalled all hardware etc and all
seemed fine but no matter what, we cannot get rid of that error "the
directory service was unable to allocate a relative identifier". Now,
we did have a second controller on the network, but this machine we
were restoring was the main DC and according to itself and the other
one it holds ALL the FSMO roles. Ive been reading up on it as Im far
from an expert on the Active Dir, we think the error is related to the
fact that we have the DC restored onto a different network, i.e. its
plugged into the hub and cannot see our second controller, but if all
the roles are on the main DC, it shouldnt need it at all? One thing I
was reading said that it will always void its RID pool and request a
new one on restore, but surely theres a way to say to the DC "this is
the primary data". Thought an arcserve authoritative restore would do
the trick but it didnt.
One thing I tried. I noticed was that on both our servers, in
(Administrative Tools -> Active Directory Users and Computers ->
Domain Controllers) on the properties of each controller it had "Trust
Computer for Delegation" ticked. So I unticked it for both, ran
another backup, restored that to the disaster machine, and STILL
getting the error. My basis for doing that was to try and break the
trust and make the DC independent, i.e. when it came up after the
restore it wouldnt send out any requests for RIDs, because it regarded
ITSELF as the only "authority" for the roles.
This really has us stumped now, and its a two-fold problem for us, the
current Domain Controller was built as a temporary server during a
migration from NT to 2K, the new server is sitting there now empty and
we really didnt want to migrate the entire network again (200+ users).
We were hoping to do a restore from the backup and we'd have our new
PDC up and running.
I have a theory that if we DID just do what we have been doing but
allowed the PDC onto the network to talk to the second DC it would all
resolve itself, but we obviously dont want to take a chance on a live
system. The temporary server is a bad machine and has taken a liking
to random reboots etc so this is a big deal for us to get this problem
sorted. If anyone has any ideas, it would be appreciated.
Ro.