I was hanging out with a great bunch of guys at an IT shop in Colorado. They had me over for a few weeks upgrading their DCs to 2008 R2 (a smart move for any customer) and I ran into a bit of a snag.
Each branch had two DCs equally load balanced to service DNS, DHCP, and authentication requests from clients. As they were all 2003 32-bit, they all had to be reloaded. I figured the best way was to move roles to the partner, nuke/pave, rinse/repeat.
On the second branch, while I was promoting the second DC, the error came up that “Windows cannot create the object because the Directory Service was unable to allocate a relative identifier”, which usually means the RID master has tombstoned or has been down so long the DCs can’t refill their buckets.
But in this case the RID master was up and healthy.
What happened was the first domain controller, after having been brought offline, notified the other DC at that site… but for some reason that DC didn’t check in with the mothership and let the rest of the domain know about it. It also didn’t bother to let them know when the newly loaded server joined the domain and became a DC.
I didn’t notice this, so when I killed the other box and reloaded it with 2008 everything was fine until I tried to dcpromo the thing. DC #1 wasn’t able to bring DC #2 into the environment. The existing DCs didn’t know who he was, even though as far as he was concerned – everything was fine.
I ended up having to dcpromo the other box down and start over. I had to wait until after hours to do it though – didn’t want to impact any users (the incorrectly joined DC had no idea he wasn’t feeling much love so he kept servicing user requests). But when I dcpromo’d them the second time I used the advanced settings and pointed them to the DCs at the main office.
Lesson learned – but if you get errors about a missing RID master, that could be your problem.