rIDNextRID - should it be on every DC

Discussion:

(too old to reply)

Richard Mueller

2007-01-05 13:35:30 UTC

Hi there , quick question should the above attribute be on every domain
controller? I have looked in are domain and it seems to be only on one
random
DC (not the RID master)

Each DC should have it's own value per this kb article:

http://support.microsoft.com/kb/305475

Are you looking at the object cn=RID Set,cn=<domain controller>,ou=Domain
Controllers,dc=MyDomain,dc=com? Also, it is a mandatory attribute, and it is
not replicated.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

Joe Richards [MVP]

2007-01-05 16:35:17 UTC

Permalink

If I understand what you mean, yeah... that is what is meant by that
attribute not being replicated. You have to look on the specific DC for
that specific piece of information.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net

---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

Richard/ Dragos, worked it out... you can only see the rIDNextRID and
rIDPreviousAllocationPool on the domain controller you have a secure channel
with or that adsiedit or a similar LDAP tool is connected to
Bit of a bug maybe???
Cheers
Chris

Richard,
that is where I am looking , I have checked three domains and the attributes
rIDNextRID and rIDPreviousAllocationPool are only present on one domain
controller and its not the RID master ...
Can you check any domains and confirm if you have the same?
thanks
Chris

Post by Richard Mueller

Hi there , quick question should the above attribute be on every domain
controller? I have looked in are domain and it seems to be only on one
random
DC (not the RID master)

http://support.microsoft.com/kb/305475
Are you looking at the object cn=RID Set,cn=<domain controller>,ou=Domain
Controllers,dc=MyDomain,dc=com? Also, it is a mandatory attribute, and it is
not replicated.
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

Jorge de Almeida Pinto [MVP - DS]

2007-01-06 01:21:08 UTC

Permalink

almost correct....

it should be:

RidNextRid =The LATEST RID that has been assigned to a security principal
that was created on the local domain controller. RidNextRid is a
non-replicated value
in Active Directory.

see:
http://blogs.dirteam.com/blogs/jorge/archive/2006/05/25/1040.aspx
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* How to ask a question --> http://support.microsoft.com/?id=555375
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
#################################################
#################################################
------------------------------------------------------------------------------------------

RidNextRid =The RID that is assigned to next security principal that is
created on the local domain controller. RidNextRid is a non-replicated
value
in Active Directory.
--
Dragos CAMARA
MCSA Windows 2003 server

Hi there , quick question should the above attribute be on every domain
controller? I have looked in are domain and it seems to be only on one
random
DC (not the RID master)
Thanks
Chris