Search WWW Search

Wednesday, July 05, 2006

Domain Controller Reports Event 16650 and Subsequently Produces “No RIDS Allocated”

Domain Controller Reports Event 16650 and Subsequently Produces “No RIDS Allocated”


After promoting a pre-Windows 2003 SP1 Domain Controller, you are unable to create an object. When creating objects you receive error “Unable to allocate Rid.” You also receive event 16650 in the event log. Running DCDiag produces the following output:

Starting test: RidManager
* Available RID Pool for the Domain is 1966103 to 1073741823
* TESTDC1.DOMAIN.NET is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1965603 to 1966102
No rids allocated -- please check eventlog.
......................... TESTDC1 passed test RidManager


I was finally came across this article today September 04, 2006.
Active Directory attributes that refer to a prefix may not be stored in the local copy of Active Directory on a computer that is running Microsoft Windows Server 2003.

I think MS should modify the title because many people are searching for the string "No RIDS Allocated 16650" Although there are several issues that can cause this error string, it may be a good idea to consolidate and add this article.

In this instance the Domain Controller has received a RID Pool from the RID master. However, the Domain Controller is unable to allocate rids to new objects. Therefore, creating new objects fail. The issue is when a pre windows server 2003 SP1 DC attempts to get a rid pool from a windows server 2003 SP1 RID master. Windows Server 2003 Service Pack 1 added hard-coded prefixes to Active Directory which are not outbound replicated to partner domain controllers under normal circumstances. While inconsistent prefixes between replication partners do not interfere with Active Directory replication, RID pool request by
pre-Service Pack 1 computers are rejected when they detect SP 1 prefixes in local thread state which has been obtained from Windows Server 2003 Service Pack 1 RID Masters.


Option 1 (Recommended)
Force your pre-Windows 2003 SP1 Domain Controller to force replication from your RID master. In order to achieve this, create a dcpromo answer file.

Name this file answer.txt.


dcpromo /answer:answer.txt

Option 2
Temporarily Transfer the RID master role to your pre-Windows 2003 SP1 Domain Controller

Option 3
Make a trivial schema change so that SP1 prefix tables outbound
replicate to Pre-W2K3 SP1 domain controllers.

1. Copy the text between [start copy here] and [end copy here] into
Windows notepad. Save the file as simplefix.ldf

[start copy here]
changetype: modify
replace: adminDescription
adminDescription: address
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
[end copy here]

2. Assign the Schema FSMO to a Windows Server 2003 Service Pack 1 domain

3. Log onto the console of the Schema FSMO with a user account that is a
member of the schema administrators security groups

4. Run this command line argument to load the

Ldifde -I -f simpleFix.ldf -c "DC=X" "your domain DN"
On the schema FSMO.

Applies To:
Windows 2000, Windows 2003

James Chong (MVP)
Security+, Project+, ITIL

How useful was this article? Want to see a tip not listed? Please leave a comment.


Anonymous DanielB said...

Thanks much for posting this issue with w2k and w2k3 SP1. I've been scratching my head for a few days on this one and have not found anything like this in MS's KB. I successfully used option 2 to bring my w2k DC back up to speed by moving the RID Master to it.

10:39 AM  
Blogger jamestechman said...

I'm glad you were able to use this. You are correct there is no KB article about this.

6:16 PM  
Anonymous Anonymous said...

Wow! This is exactly what we needed. I spent most of a day looking for a resolution to this and all I had to do was move my RID master to a 2000 server and it's fixed. Thanks so much.

7:39 AM  
Anonymous Anonymous said...

If you are those who tend to under probate and you do not need extra help, then you can probably get by with Hogan . For men who are average weight, with no promotion of the problems that need a bit of Hogan scarpe donna with good support, durability and cushion, they should probably be a Hogan scarpe uomo . The motion control category contains the most durable, rigid and controlled sports shoes. Hogan uomo are specifically designed to limit the disease known as over probation.

6:31 PM  
Blogger Azza said...

I never post on these things, but felt I had to for this post.

I had the same issue, all tests were passing but no RID pool on a win2k server. RID master was 2003SP1 machine. Simply moved RID master to a win2k server and restarted the offending server, SAM came straight up and now has a pool.

Why this isnt in the 16650 doco from MS is anyones guess.. i might go and suggest that now actually

8:48 PM  

Post a Comment

<< Home

xml:lang="en" lang="en"> MS Exchange Tips: Domain Controller Reports Event 16650 and Subsequently Produces “No RIDS Allocated”