I got the message "Windows cannot create the object because the directory service was unable to allocate a relative idenfier" I took one of the 3 DC offline since that computer crashed. I am not able to fix the hard drive on the computer. The other 2 DC are fine except that I cannot add users or computer and get the above message. How can I avoid the error on the 2 DC that are otherwise OK?? I am running Win2003 server on all of them.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Unable to allocate relative identifier
- Thread starter lipo
- Start date
mlichstein
MIS
Sounds like the one you took offline was holding the RID master FSMO role, and probably the other 4 FSMO roles as well.
You would need to seize the FSMO roles to one of the remaining DCs using ntdsutil. You would also need to do a metadata cleanup of the failed server, so you can then format and rebuild it.
Seize FSMO roles:
Metadata cleanup:
You would need to seize the FSMO roles to one of the remaining DCs using ntdsutil. You would also need to do a metadata cleanup of the failed server, so you can then format and rebuild it.
Seize FSMO roles:
Metadata cleanup:
I agree with mlichstein's assesment. Take a look in the FAQ section of this forum (tab at the top of your screen labeled FAQs) and look at my FAQ for Seizing and forcefully removing a DC.
You wil find detailed steps to perform. Also, the metadata cleanup script greatly simplifies the process.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
You wil find detailed steps to perform. Also, the metadata cleanup script greatly simplifies the process.
I hope you find this post helpful. Please let me know if it was.
Regards,
Mark
- Thread starter
- #4
Thank you, I will try it tomorrow when I return to the office. I printed out the links and there are warnings that if you use the ADSI snap in and you incorrectly modify the attributes of AD objects, you may cause serious problems. I did not realize that removing a DC that was old would create such a problem.
mlichstein
MIS
Part of steps of a metadata cleanup are to remove objects associated with the failed server from the directory. This requires adsiedit, and if you aren't careful, you could remove data that is still in use.
I haven't used the script that markdmac has in his FAQ, but I suspect it will remove the objects for you, so you dont have to use adsiedit.
Note that this procedure is not needed if you are able to run dcpromo and remove a DC cleanly. This is only if the DC fails and is not gracefully removed from the domain.
I haven't used the script that markdmac has in his FAQ, but I suspect it will remove the objects for you, so you dont have to use adsiedit.
Note that this procedure is not needed if you are able to run dcpromo and remove a DC cleanly. This is only if the DC fails and is not gracefully removed from the domain.
mlichstein
MIS
Ah, I just looked at the FAQ. You will still need to remove the objects using adsiedit. Just follow the instruction in either markdmac's FAQ or my MS link. Both are very clear on what to do.
- Thread starter
- #7
mlichstein
MIS
yep...you can use netdom. You'll need to install the support tools from the CD to get netdom.
"netdom query fsmo
"netdom query fsmo
- Thread starter
- #10
- Status
Similar threads
