none
FIM: AD MA giving error: The directory service has exhausted the pool of relative identifiers. RRS feed

  • Question

  • Greetings,

    Trying to export users to an OU in a remote forest AD from FIM 2010 R2 and I keep getting this error back from the destination AD:

    "The directory service has exhausted the pool of relative identifiers."

    After reading up on this I went back to the AD owners of the forest and they said that they had seen this before and had applied this hotfix from Microsoft to give their RID pool another bit (now making 31bits)... 

    http://support.microsoft.com/kb/2642658/en-us

    Now I can create a user in their AD without a problem within ADSI, but FIM can't; I just get a "cd-error" with the afore-mentioned error description of "The directory service has exhausted the pool of relative identifiers".

    I have checked the RID Manager, I have got the dcdiag (below) and everything looks OK except for the fact they have run this hotfix?

     Test omitted by user request: Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 1073746324 to 2147483647
             * XXXXXXX is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 1073745324 to 1073745823
             * rIDPreviousAllocationPool is 1073745324 to 1073745823
             * rIDNextRID: 1073745324

    Has anyone come across this issue regarding the hotfix before and, if so, how did you get around this via FIM?

    Cheers,

    Wednesday, July 16, 2014 6:33 AM

All replies

  • The work-around at the moment is to specify the IP address of the RID Pool manager server in the MA's preferred domain controller listing. Still working with the external forest as to why this is failing from the DC we initially connected to.
    Wednesday, July 23, 2014 1:38 AM