Unless you are having other obvious errors in the log, I'd say wait a while. If you are not in the mood for wait, force replication either through repladmin or through AD Sites and Services. If you have other relevant errors in the logs, post them. The RID error may just be a symptom for a larger problem. Sincerely,
D�j� Ak�m�l�f�, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Raymond Jette Sent: Wed 8/25/2004 10:53 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] cannot create objects in AD Hi, I have just added a new domain controller to my Active Directory domain and I am receving the following error in the system log: Event Type: Error Event Source: SAM Event Category: None Event ID: 16650 Date: 8/25/2004 Time: 1:38:47 PM User: N/A Computer: FTCLSRV-DC001 Description: The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 will retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure. Data: 0000: a7 02 00 c0 �..� Also, when I try to create and user, group, or computer I get the following error message: Windows cannot create the object because: The directory service was unable to allocate a relative identifier. I verified that my RID master is online and working. This is not the problem. Has anyone seen this message in the past? Thanks for the help, Raymond Jette Network Administrator Mestek Technologies, Inc Phone (413) 564-5691 Cell (413) 883-2884 [EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
