MOVING RID MASTER
in [Active Directory]
|
Prev: frs problems
Next: Kerberos Error Message
From: Janaka Sampath on 25 Jan 2006 23:26 Hi my RID master says that rid pool is empty. actualy this RID master stop responding some time back. but I was able to create new accounts using existing pool. at the moment its giving the messeage that pool is empty. how can I create a new RID master in my existing domain controler without demoting the domain. thank you Janaka
From: Paul Bergson on 26 Jan 2006 00:14 Here is what we did but of course it is not published or supported. It is what I would do given the same circumstances again though. There is a file that is a needed, lookupdomaininfo.exe that could help in this situation. I could possibly mail to you if you want it. Microsoft gave us this solution it just isn't published. 1. Open a command prompt, type "C:\> lookupdomaininfo.exe <NETBIOS NAME OF DOMAIN>" (without the quotation marks), and then press "Enter" (without the quotation marks). C:\>lookupdomaininfo.exe 2000domain.local Domain 2000domain.local sid S-1-5-21-3876887770-3197127548-3224736908 binary domain sid has been put in domainsid.bin 2. Use LDP.EXE from the \Support\Tools directory of the Windows 2000 Server CDROM to invalidate the RID Pool. a. From the CONNECTION pull down menu, select the CONNECT command. Enter the name of the domain controller whose RID pool is to be invalidated. Use port 389 for the connection. b. From the CONNECTION pull down menu, select the BIND command. Enter the account and password for a domain administrator in the target domain c. From the BROWSE command, select Modify. d. Fill out the remainder of the MODIFY dialog as follows 1. DN: <Null> 2. Attribute: InvalidateRidPool 3. Values: Use the "Insert File" command point to the domainsid.bin file created in Step 2. 3. Press the "Enter" button to populate the "Entry List" command. 4. Press the "RUN" button. 5. Monitor event viewer. a. After invalidating the RID pool, create a new user, computer or group in the "Active Directory Users and Computers" snap-in. The create may fail but will initiate a request for a new RID pool. -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Janaka Sampath" <janakaj(a)lankaequities.com> wrote in message news:OHWAWDjIGHA.1088(a)tk2msftngp13.phx.gbl... > Hi > > my RID master says that rid pool is empty. actualy this RID master stop > responding some time back. but I was able to create new accounts using > existing pool. at the moment its giving the messeage that pool is empty. > how > can I create a new RID master in my existing domain controler without > demoting the domain. > > thank you > Janaka > >
From: Janaka Sampath on 26 Jan 2006 08:56 Thanks If you could send me this lookupdomaininfo.exe tool ASAP Thanks janaka "Paul Bergson" <pbergson(a)allete.com> wrote in message news:#mYZsdjIGHA.532(a)TK2MSFTNGP15.phx.gbl... > Here is what we did but of course it is not published or supported. It is > what I would do given the same circumstances again though. There is a file > that is a needed, lookupdomaininfo.exe that could help in this situation. I > could possibly mail to you if you want it. Microsoft gave us this solution > it just isn't published. > > > > > > 1. Open a command prompt, type > > "C:\> lookupdomaininfo.exe <NETBIOS NAME OF DOMAIN>" > > (without the quotation marks), and then press "Enter" (without the > quotation > > marks). > > > > C:\>lookupdomaininfo.exe 2000domain.local > > Domain 2000domain.local sid S-1-5-21-3876887770-3197127548-3224736908 > > binary domain sid has been put in domainsid.bin > > > > > > 2. Use LDP.EXE from the \Support\Tools directory of the Windows 2000 > Server CDROM > > to invalidate the RID Pool. > > > > a. From the CONNECTION pull down menu, select the CONNECT command. > Enter the name > > of the domain controller whose RID pool is to be invalidated. > > Use port 389 for the connection. > > > > b. From the CONNECTION pull down menu, select the BIND command. Enter > the account > > and password for a domain administrator in the target domain > > > > c. From the BROWSE command, select Modify. > > > > d. Fill out the remainder of the MODIFY dialog as follows > > > > > > 1. DN: <Null> > > > > 2. Attribute: InvalidateRidPool > > > > 3. Values: Use the "Insert File" command point to the domainsid.bin > file created in > > Step 2. > > > > 3. Press the "Enter" button to populate the "Entry List" command. > > > > 4. Press the "RUN" button. > > > > > > 5. Monitor event viewer. > > a. After invalidating the RID pool, create a new user, computer or > group in the > > "Active Directory Users and Computers" snap-in. The create may fail but will > > initiate a request for a new RID pool. > > > > > > > -- > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA > > This posting is provided "AS IS" with no warranties, and confers no rights. > > > "Janaka Sampath" <janakaj(a)lankaequities.com> wrote in message > news:OHWAWDjIGHA.1088(a)tk2msftngp13.phx.gbl... > > Hi > > > > my RID master says that rid pool is empty. actualy this RID master stop > > responding some time back. but I was able to create new accounts using > > existing pool. at the moment its giving the messeage that pool is empty. > > how > > can I create a new RID master in my existing domain controler without > > demoting the domain. > > > > thank you > > Janaka > > > > > >
From: Paul Bergson on 26 Jan 2006 10:08 In the mail -- Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA This posting is provided "AS IS" with no warranties, and confers no rights. "Janaka Sampath" <janakaj(a)lankaequities.com> wrote in message news:OVF4%23BoIGHA.2628(a)TK2MSFTNGP15.phx.gbl... > Thanks > > If you could send me this lookupdomaininfo.exe tool ASAP > > Thanks > janaka > "Paul Bergson" <pbergson(a)allete.com> wrote in message > news:#mYZsdjIGHA.532(a)TK2MSFTNGP15.phx.gbl... >> Here is what we did but of course it is not published or supported. It is >> what I would do given the same circumstances again though. There is a >> file >> that is a needed, lookupdomaininfo.exe that could help in this situation. > I >> could possibly mail to you if you want it. Microsoft gave us this > solution >> it just isn't published. >> >> >> >> >> >> 1. Open a command prompt, type >> >> "C:\> lookupdomaininfo.exe <NETBIOS NAME OF DOMAIN>" >> >> (without the quotation marks), and then press "Enter" (without the >> quotation >> >> marks). >> >> >> >> C:\>lookupdomaininfo.exe 2000domain.local >> >> Domain 2000domain.local sid S-1-5-21-3876887770-3197127548-3224736908 >> >> binary domain sid has been put in domainsid.bin >> >> >> >> >> >> 2. Use LDP.EXE from the \Support\Tools directory of the Windows > 2000 >> Server CDROM >> >> to invalidate the RID Pool. >> >> >> >> a. From the CONNECTION pull down menu, select the CONNECT command. >> Enter the name >> >> of the domain controller whose RID pool is to be invalidated. >> >> Use port 389 for the connection. >> >> >> >> b. From the CONNECTION pull down menu, select the BIND command. > Enter >> the account >> >> and password for a domain administrator in the target domain >> >> >> >> c. From the BROWSE command, select Modify. >> >> >> >> d. Fill out the remainder of the MODIFY dialog as follows >> >> >> >> >> >> 1. DN: <Null> >> >> >> >> 2. Attribute: InvalidateRidPool >> >> >> >> 3. Values: Use the "Insert File" command point to the >> domainsid.bin >> file created in >> >> Step 2. >> >> >> >> 3. Press the "Enter" button to populate the "Entry List" command. >> >> >> >> 4. Press the "RUN" button. >> >> >> >> >> >> 5. Monitor event viewer. >> >> a. After invalidating the RID pool, create a new user, computer or >> group in the >> >> "Active Directory Users and Computers" snap-in. The create may fail but > will >> >> initiate a request for a new RID pool. >> >> >> >> >> >> >> -- >> >> >> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA >> >> This posting is provided "AS IS" with no warranties, and confers no > rights. >> >> >> "Janaka Sampath" <janakaj(a)lankaequities.com> wrote in message >> news:OHWAWDjIGHA.1088(a)tk2msftngp13.phx.gbl... >> > Hi >> > >> > my RID master says that rid pool is empty. actualy this RID master stop >> > responding some time back. but I was able to create new accounts using >> > existing pool. at the moment its giving the messeage that pool is >> > empty. >> > how >> > can I create a new RID master in my existing domain controler without >> > demoting the domain. >> > >> > thank you >> > Janaka >> > >> > >> >> > >
From: Jorge de Almeida Pinto [MVP] on 26 Jan 2006 10:02
Paul, Could you mail that util to me please? Thanks! -- Cheers, (HOPEFULLY THIS INFORMATION HELPS YOU!) # Jorge de Almeida Pinto # MVP Windows Server - Directory Services BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ----------------------------------------------------------------------------- * This posting is provided "AS IS" with no warranties and confers no rights! * Always test before implementing! ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- "Paul Bergson" <pbergson(a)allete.com> wrote in message news:%23mYZsdjIGHA.532(a)TK2MSFTNGP15.phx.gbl... > Here is what we did but of course it is not published or supported. It is > what I would do given the same circumstances again though. There is a file > that is a needed, lookupdomaininfo.exe that could help in this situation. > I could possibly mail to you if you want it. Microsoft gave us this > solution it just isn't published. > > > > > > 1. Open a command prompt, type > > "C:\> lookupdomaininfo.exe <NETBIOS NAME OF DOMAIN>" > > (without the quotation marks), and then press "Enter" (without the > quotation > > marks). > > > > C:\>lookupdomaininfo.exe 2000domain.local > > Domain 2000domain.local sid S-1-5-21-3876887770-3197127548-3224736908 > > binary domain sid has been put in domainsid.bin > > > > > > 2. Use LDP.EXE from the \Support\Tools directory of the Windows > 2000 Server CDROM > > to invalidate the RID Pool. > > > > a. From the CONNECTION pull down menu, select the CONNECT command. > Enter the name > > of the domain controller whose RID pool is to be invalidated. > > Use port 389 for the connection. > > > > b. From the CONNECTION pull down menu, select the BIND command. > Enter the account > > and password for a domain administrator in the target domain > > > > c. From the BROWSE command, select Modify. > > > > d. Fill out the remainder of the MODIFY dialog as follows > > > > > > 1. DN: <Null> > > > > 2. Attribute: InvalidateRidPool > > > > 3. Values: Use the "Insert File" command point to the domainsid.bin > file created in > > Step 2. > > > > 3. Press the "Enter" button to populate the "Entry List" command. > > > > 4. Press the "RUN" button. > > > > > > 5. Monitor event viewer. > > a. After invalidating the RID pool, create a new user, computer or > group in the > > "Active Directory Users and Computers" snap-in. The create may fail but > will > > initiate a request for a new RID pool. > > > > > > > -- > > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA > > This posting is provided "AS IS" with no warranties, and confers no > rights. > > > "Janaka Sampath" <janakaj(a)lankaequities.com> wrote in message > news:OHWAWDjIGHA.1088(a)tk2msftngp13.phx.gbl... >> Hi >> >> my RID master says that rid pool is empty. actualy this RID master stop >> responding some time back. but I was able to create new accounts using >> existing pool. at the moment its giving the messeage that pool is empty. >> how >> can I create a new RID master in my existing domain controler without >> demoting the domain. >> >> thank you >> Janaka >> >> > > |