Feb 182008

If you have a domain where your RID FSMO is no longer capable of assining new RID pools this document and the available download should help. The download simply provides info on your domain which you then use on an LDP connection to invalidate the remaining RID Pool which triggers AD to start a new pool. It is very simple and straight forward.

This document will help you get your FSMO RID Master role holder able to replenish its RID pool so it can provide DC’s with new pools for Active Directory Object Creation. Make sure you download the executable, LookUpDomainInfo.exe, that is needed to complete this document. It is available on this same website. There is not a public version of this download, I received it from Microsoft and used it on Windows 2000. I since have had users successfully use it on there 2003 domains.

Download LookupDomainInfo.exe from here

pen a command prompt, type

lookupdomaininfo.exe <NETBIOS NAME OF DOMAIN>

domain.local sid S-1-5-21-3876887770-3197127548-3224736908 binary domain sid has been put in domainsid.bin

Use LDP.EXE from the \Support\Tools directory of the Windows Server CDROM to invalidate the RID Pool

o From the CONNECTION pull down menu, select the CONNECT command. Enter the name of the domain controller whose RID pool is to be invalidated.Use port 389 for the connection.

o From the CONNECTION pull down menu, select the BIND command. Enter the account and password for a domain administrator in the target domain

o From the BROWSE command, select Modify

o Fill out the remainder of the MODIFY dialog as follows

§ DN: <Null>

§ Attribute: InvalidateRidPool

§ Values: Use the “Insert File” command point to the domainsid.bin file created in Step 1

§ Press the “Enter” button to populate the “Entry List” command.

§ Press the “RUN” button.

§ Monitor event viewer

§ After invalidating the RID pool, create a new user, computer or group in the “Active Directory Users and Computers” snap-in. The create may fail but will initiate a request for a new RID pool.

Incoming search terms:

 Leave a Reply



You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>