Archived from groups: microsoft.public.win2000.active_directory (
More info?)
First, thank for you help, i have this problem 2 weeks last,
and i cant show the "Domain Control security policy" but the "local
security policy" yes, the message is "You may cant appropriate right"
and the haswers is:
1-yes in all my DC server i can make ping, and IPconfig is OK in all DCs
2-i have 2 DCs servers, i make the DCPROMO (in the backup server) for remove
the Active Directory 4 week last, but the server show the error and i reboot
the server but the active directory not show, but i copy icon (direct access
icon) active directory the Master server DC and copy this icon in the
backupserver DC, and make doble click and run the active directory in
backupserver but dont synchronizes the DCs servers, i make a proves and
disconnect the backupserver DC because i think and say me... may be the
problem is the error in backupserver DC, but not the Active Directory in
Master server is equally.
3-and all (2 DCs) servers is in one site
4-Only one is the RID Master
5- Yes i can run DCdiag /v and show mw this....
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine smprod01, is a DC.
* Connecting to directory service on server smprod01.
* Collecting site info.
* Identifying all servers.
* Found 5 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SMPROD01
Starting test: Connectivity
* Active Directory LDAP Services Check
Although the Guid DNS name
(499947cf-33ec-4d0a-985e-fb91e089e675._msdcs.ids.com.mx) resolved to
the IP address (63.147.61.208), which could not be pinged, the server
name (smprod01.ids.com.mx) resolved to the IP address
(192.168.123.201) and could be pinged. Check that the IP address is
registered correctly with the DNS server.
......................... SMPROD01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SMPROD01
Skipping all tests, because server SMPROD01 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Running enterprise tests on : ids.com.mx
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ids.com.mx passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\smprod03.ids.com.mx
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\smprod01.ids.com.mx
Locator Flags: 0xe00001e5
KDC Name: \\smprod03.ids.com.mx
Locator Flags: 0xe00001f8
......................... ids.com.mx failed test FsmoCheck
C:\WINNT\MPSReports\DirSvc\Bin>
thank for you help i can your soon answers, thank
atte. Marco Venegas
"Ace Fekay [MVP]" wrote:
> In news:BE222158-8300-4EAB-9468-6D701E3E9F98@microsoft.com,
> Marco Venegas <Marco Venegas@discussions.microsoft.com> made a post then I
> commented below
> > HI in my company server, there is an error and i cant view the Active
> > Directory, and i cant up new users or groups. the error is....
> > The maximum account identifier allocated to this domain controller
> > has been assigned. The domain controller has failed to obtain a new
> > identifier pool. A possible reason for this is that the domain
> > controller has been unable to contact the master domain controller.
> > Account creation on this controller will fail until a new pool has
> > been allocated. There may be network or connectivity problems in the
> > domain, or the master domain controller may be offline or missing
> > from the domain. Verify that the master domain controller is running
> > and connected to the domain.
>
> That's saying it ran out of RIDs. It can be a number of issues causing this,
> from DNS misconfiguration, disjointed namespace, single lable AD DNS domain
> name, firewall rules blocking domain traffic between Sites from the RID
> Master to a DC needing to replenish the RID pool, etc, etc.
>
> To further help, we'll need more specific info, such as:
>
> Can you post an unedited ipconfig /all of your DC(s), please?
> How many DCs do you have?
> Are they all in one Site?
> Which one is the RID Master?
> Can you also run:
> dcdiag /v and post the results too?
>
> Thanks
>
> Some references:
>
http://support.microsoft.com/?id=839879
>
http://www.eventid.net/display.asp?eventid=16645&eventno=1675&source=SAM&phase=1
>
>
> --
> Regards,
> Ace
>
> G O E A G L E S !!!
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>
>