RID master is unavailable, what are my options?

[Roeee]

I have two DC's in a small domain. DC1 has all the roles other than the RID master, this is assigned to DC2.

DC2 is reporting that it can not update objects because the account identifier allocator failed to initialise properly.

DCDIAG reports that the RID master was assigned to DC2 but has now been deleted. The Users and Computers GUI believes that DC2 has this role.

I have tried to transfer the role to DC1 however I receive the error below in doing so???

"The transfer of the operations master role can not be performed because: The requested FSMO operation failed. The current FSMO holder could not be contacted"

I can confirm that there are no networking issues, and believe this to be a problem with Active Directory. I am reluctant to sieze the role as I want to keep DC2 on the network and not reinstall.

Any options / idea's how I can resolve this problem?


Thanks

 

[porkchopexpress]

Was the RID role moved to DC2 at some point? If this is the case it sounds like it only did half the job.

 

[porkchopexpress]

I noticed this on the MS site but it seems only to apply if you have restored the DC at some point.

http://support.microsoft.com/?kbid=839879

 

[ScottCr]

You could try seizing the role to dc2.

To be honest I have no idea what will happen but in theory DC2 should then hold this role and not produce any errors.

If memory serves correctly during the seizure process the current RID value gets incremented by a large amount to stop any duplicate RID's being given out.

http://scottcross.blogspot.com

Windows and NT Admin.

 

[58sniper]

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

http://support.microsoft.com/kb/255504

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[Roeee]

DC2 was reinstalled after being removed compleely from AD. Everything seemed to be working fine but one day the RID manager stopped working.

I believe at the inital point after the reinstall everything was working fine as I could transfer roles without issue.

If I seize the role, I will need to reinstall DC2, this is not straight forward due to the other applications installed so am reluctant to do so.

Had a look in the schema through ADSIedit and can see the RID manager references on DC1 but not DC2. I was hoping I could do something clever in here to tell AD that DC1 is now the RID master and not DC2??


porkchopexpress - Thanks for the link, though have tried already, I think there must be some underlying issue which is showing itself as a RID problem.

 

[Seaspray0]

I don't see any other options other than seizing it. The kicker may be that you may not have to drop the other DC off the network as it doesn't think it has it in the first place. The danger with seizing involved having two DC's thinking they were both running the same role (why you had to drop the DC it was seized from). Since it has already been rebuilt... you might get lucky.

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA

 

[58sniper]

From each DC, from the cmd prompt, run
netdom query fsmo
and each will tell you where it thinks the various operations masters are being held.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)

 

[markdmac]

As was suggested above, Seize the role using NTDSUTIL.

I hope you find this post helpful.

Regards,

Mark