none
Windows server 2003 Sp2 Standard edition. The directory service was unable to allocate a relative Identifier.

    Question

  • I searched for the solution but I came to the point where the solution was to fix the domain controller. There are to domain controllers and I server is gone so there is only one domin server. The primary server is online but its in a new box. The seconday server was destroyed. The situation came to the point where I was getting a error that said unable to contact the global catlog services. I am unable to add users or remove the domain controllers with dcpromo also. Any answers that can help us to be operational.
    Tuesday, September 21, 2010 5:25 PM

Answers

All replies

  • Have you transfered or saized FSMO roles to the working server? Is the server that is online has Global Catalog?

     


    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Follow me on twitter
    My Blog
    Tuesday, September 21, 2010 5:31 PM
  • When you say one server is gone does that mean that it is totally dead and you are not able to fix it or bring it back.

    I'll assume yes

    What you need to do is seize the FSMO roles if that destroyed DC held any   http://www.petri.co.il/seizing_fsmo_roles.htm

    Run a metadata cleanup for that destroyed DC   http://www.petri.co.il/delete_failed_dcs_from_ad.htm   you do that from your good DC

    Then try and get another DC up as soon as you can.  If that single one you have now somehow gets destroyed you have a lot more work on your hands.

    Thanks

    Mike


    http://adisfun.blogspot.com;
    Tuesday, September 21, 2010 5:32 PM
  • Specifically, it sounds like you lost the Relative ID (RID) Master. This is one of the FSMO roles, and it must have been on the DC that was lost. This link describes how to find which DC has each role, and how to transfer. In your case, you may need to seize the roles.

    http://support.microsoft.com/kb/324801

    This link describes how to seize the roles:

    http://support.microsoft.com/kb/255504

    Richard Mueller


    MVP ADSI
    Tuesday, September 21, 2010 7:06 PM
  • No I haven't because the Original Domain control is active. I am not sure how to bring up the global catalog but its not being contacted.
    Tuesday, September 21, 2010 7:19 PM
  • In first post you said it is not working, in the last one you wrote it is active, can you be more precise?

    try posting output of that command:

    netdom query fsmo so we can identify where you have fsmo


    With kind regards
    Krystian Zieja
    http://www.projectnenvision.com
    Follow me on twitter
    My Blog
    Tuesday, September 21, 2010 7:24 PM
  • I want to keep the DC up so the business can stay operating but I cant add users. I am not able to delete the DC with dcpromo. If I delete the DC I will have to recreate the complete domain with users in all correct?
    Tuesday, September 21, 2010 7:25 PM
  • Its says command completed successfully. In the begining I had to servers 1 and 2.  1 was primary and 2 was a secondary but 2 was not set up to hold the login or policy info. Server 1 crashed and the motherboard was destroyed by a water problem. So, I took 2 hard drives out of 1 and replaced them in server2 because they were the same model. I replaced the nic cards too. The DC will not let me add users that is the only issue at the moment. does that help. I have assigned the same static IPs also.
    Tuesday, September 21, 2010 8:09 PM
  • Run dcdiag post results.

    Make sure DC only points to itself for DNS in it's TCP\IP properties

    Tuesday, September 21, 2010 8:25 PM
  • found 2 DC controllers DNS server is not connecting. I have on DC that is not on the network, so I will attempt to remove it and look for a DNS solution such as inputing the opendens to the TCP/IP to fix that issue and then maybe the DC will work.
    Tuesday, September 21, 2010 8:36 PM
  • You need to point  the server to itself in DNS OpenDNS will not work.

    Post ipconfig /all

    Tuesday, September 21, 2010 8:52 PM
  • The results say that it is not connecting to the DNS server. Aslo the PDC emulator will not let me modify any  of the DC informaiton in active directory. It also says it is unable to contact the PDC.

    Tuesday, September 21, 2010 8:56 PM
  • Changing the DNS in TCP/IP as I post this
    Tuesday, September 21, 2010 8:57 PM
  • You are right the Relative ID (RID) Master is the issue because the fuction of the Relative ID (RID)  functions are not working. I tried to transfer the master roles and it says it was successful and I deleted a DC that was not in operation. I am still not able to add object to the AD forest.
    Tuesday, September 21, 2010 11:00 PM
  • The Relative ID (RID) Master is the issue because the Relative ID (RID)  functions are not working. I tried to transfer the master roles and it says it was successful and I deleted a DC that was not in operation. I am still not able to add object to the AD forest.

    Tuesday, September 21, 2010 11:01 PM
  • Did you see the steps/comments in your previous question

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/39f9ffb7-e173-402c-b75c-70314715e97b/#14664598-8b64-4de9-812c-b4f4be0aa96f

     

    Did the box that previously hold the RID Master (and probably other FSMO roles) compeletely die?  How did you transfer the FSMO roles.

    What do you see if you run 

     

    netdom query FSMO

    If that old RID master is a dead box you need to seize the roles  http://www.petri.co.il/seizing_fsmo_roles.htm

    THanks

    Mike


    http://adisfun.blogspot.com;
    Tuesday, September 21, 2010 11:30 PM
  • Post the output of

    dcdiag /s:DCName /test:RIDManager /v

    Run it against a couple of DCs (substituting DCName with their names each time) - including the current RID Master

    hth
    Marcin

    Wednesday, September 22, 2010 12:14 AM
  • Hi,

     

    The troublehsooting suggestions community users provided above are useful. I would like to confirm that have you tried them and what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

     

    Regards,


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, September 24, 2010 5:08 AM
    Moderator