Domain Controller Reports Event 16650 and Subsequently Produces “No RIDS Allocated”
After promoting a pre-Windows 2003 SP1 Domain Controller, you are unable to create an object. When creating objects you receive error “Unable to allocate Rid.” You also receive event 16650 in the event log. Running DCDiag produces the following output:
Starting test: RidManager
* Available RID Pool for the Domain is 1966103 to 1073741823
* TESTDC1.DOMAIN.NET is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1965603 to 1966102
No rids allocated -- please check eventlog.
......................... TESTDC1 passed test RidManager
I was finally came across this article today September 04, 2006.
Active Directory attributes that refer to a prefix may not be stored in the local copy of Active Directory on a computer that is running Microsoft Windows Server 2003.
I think MS should modify the title because many people are searching for the string "No RIDS Allocated 16650" Although there are several issues that can cause this error string, it may be a good idea to consolidate and add this article.
In this instance the Domain Controller has received a RID Pool from the RID master. However, the Domain Controller is unable to allocate rids to new objects. Therefore, creating new objects fail. The issue is when a pre windows server 2003 SP1 DC attempts to get a rid pool from a windows server 2003 SP1 RID master. Windows Server 2003 Service Pack 1 added hard-coded prefixes to Active Directory which are not outbound replicated to partner domain controllers under normal circumstances. While inconsistent prefixes between replication partners do not interfere with Active Directory replication, RID pool request by
pre-Service Pack 1 computers are rejected when they detect SP 1 prefixes in local thread state which has been obtained from Windows Server 2003 Service Pack 1 RID Masters.
Option 1 (Recommended)
Force your pre-Windows 2003 SP1 Domain Controller to force replication from your RID master. In order to achieve this, create a dcpromo answer file. http://support.microsoft.com/?kbid=223757
Name this file answer.txt.
Temporarily Transfer the RID master role to your pre-Windows 2003 SP1 Domain Controller
Make a trivial schema change so that SP1 prefix tables outbound
replicate to Pre-W2K3 SP1 domain controllers.
1. Copy the text between [start copy here] and [end copy here] into
Windows notepad. Save the file as simplefix.ldf
[start copy here]
[end copy here]
2. Assign the Schema FSMO to a Windows Server 2003 Service Pack 1 domain
3. Log onto the console of the Schema FSMO with a user account that is a
member of the schema administrators security groups
4. Run this command line argument to load the
Ldifde -I -f simpleFix.ldf -c "DC=X" "your domain DN"
On the schema FSMO.
Windows 2000, Windows 2003
James Chong (MVP)
MCITP | EMA; MCSE | M+, S+
Security+, Project+, ITIL
How useful was this article? Want to see a tip not listed? Please leave a comment.