Archived from groups: microsoft.public.win2000.active_directory (
More info?)
"Alboni" <Alboni@discussions.microsoft.com> wrote in message
news
4D4290E-010C-4C25-BE76-ACDF19593042@microsoft.com...
> When I try to create a new user in Active Directory, I receive an error
that
> states: Windows cannot create the object because: The directory service
was
> unable to allocate a relative identifier. Any help on this matter would
be
> greatly appreciated.
Although I have never seen the error message it is almsot
certainly due to the inability to obtain a Relatively Unique
ID or RID.
The RID Master is likely offline or not reachable (e.g., a
DNS problem.)
Run DCDiag and check for the RID master -- if the RID
master exists and is online, check your DNS very carefully.
If the RID master is offline AND lost forever, you need
to 'seize' the role (and any other lost roles) onto another DC.
NEVER seize a role if the original role holder will be returned
to the net.
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server
C-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
Facebook
Twitter
Instagram