How to increase number of RIDs (Relative Identifiers)

[Guest]

Dear ....

When a security principal such as a user, group, or computer is created, it
requireds a RID to be combined with a domain wide identifier, to create a
unique security identifier (SID).

Every windows 2000 DC receives a pool of RIDs (Default 512) it can use to
create objects.

My Problem is : -

I am at this 512 limit, now I cant create more users in my domain. ( I have
only one DC that manage all forest and domain roles).

My Question is : -

How can i increase this pool of RIDs ? so I can create new users.

Thanks,

--
Muhammad Zubair
Network Administrator/Webmaster
National Textile University
Faisalabad, (37610) Pakistan
Phone 092-303-6706378

 

[Joe Richards [MVP]]

This pool is refreshed on DCs after half of them are gone by contacting the RID
Master FSMO role holder. Every domain has one. Is your RID master up and
functioning?

joe

 

[ptwilliams]

A DC is meant to request another 512 when the allocated pool drops below
100. I've seen several people asking about this recently, and was wondering
if in certain circumstances, this fails (even though the RID master is
there) and perhaps a reboot is in order?? I know this shouldn't be the
case, but experience dictates that sometimes this is necessary -I've had to
reboot DCs to make them GCs.

However, it's probably more likely that the RID master is down, or you
cannot resolve the DC that holds the RID master. Look to DNS if the role
holder is alive and on the network.


--


Paul Williams
_______________________________
http://www.msresource.net


Join us in our free, public forum:
http://forums.msresource.net
_______________________________
This pool is refreshed on DCs after half of them are gone by contacting the
RID
Master FSMO role holder. Every domain has one. Is your RID master up and
functioning?

joe

 

[Guest]

Dear Ptwiliams or Joe

I investigated and found that if chage the following entry in registry, i
can increse the size of RID pool

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\RID Block Size
(REG_DWORD)

Default value is 0, it means that 500 RIDs are available ( and I've consumed
all RIDs).

I just want to make sure from you people that if i change this entry to more
than 500 ( suppose 2000) , will it resolve my matter.

OR any other solution there is ?

Muhammad Zubair
============

 

[Joe Richards [MVP]]

You absolutely have to reboot a DC to make it a full GC. The NSPI functionality
doesn't kick in until after the reboot. Also I have occasionally seen DNS
publishing issues if a reboot doesn't occur. I always reboot after the, hmmm I
think it is the 1119 event.

 

[Joe Richards [MVP]]

You absolutely can increase it. You really shouldn't have to though.

The system should be retrieving new ones as needed from the RID Master you and
need to work out if it isn't and if so why not.

The thing about grabbing large pools of RIDS especially impacts you if you have
a lot of DCs. The number of RIDS available is a finite resource. It is large,
but finite. When a pool gets allocated to a DC, it never gets allocated again to
any other DC so if that DC gets blown up or demoted for instance, you have lost
all of those RIDS that it had allocated but not used.

joe

 

[Guest]

Dear .......

Actually I had one DC in start. all roles were assigned to it. then I
installed 2nd DC and connected to AD ( No additional configuration ). After
that, 2nd Dc was just remved from Table and was not removed from AD ( that is
still in AD).

After that I created users according to my needs. but suddenly, the single
DC (1st) refused to create the users ...... RID pool exhausted .....

Now, I've tried "ntdsutil" and tried to seize the RID Master, it told me
that it is already RID master. i also seazed Schema master and DC Emulator
and then Reboted ...

But , Still i can't create any user account ...

Remember! I have also tried to increase the RID Block size in registry. it
also doesnt works ......

Please guide me ........ how to create new user accounts

Muhammad Zubair
=====================================================

 

[Joe Richards [MVP]]

What exactly are you seeing for errors?