In this article, we will discuss an advanced topic concerning domain controllers.
Imagine a scenario in which, for whatever reason, a DC machine in your network fails and you have to recover its VMDK in VMware or its VHDX in Hyper-V. In this scenario, if your DC already has an additional domain controller, one of the master roles, the RID master, may break after recovery. Any operation that depends on RID then fails; for example, we encounter the following error when creating a user:
Windows cannot create the object because: The Directory Service was unable to assign a relative identifier.
To see the error related to this problem, enter the following command in cmd.
dcdiag /test:ridmanager /v
And we see the following error.
The DS has corrupt data:
rIDPreviousAllocationPool value is not valid
This occurs when there is a problem with the replication link between the DCs.
There are three ways to solve this problem:
Add additional domain controllers to the network. For whatever reason, if the problem was not resolved or additional domain controllers were not available, you should consider the second and third solutions.
Remove the additional domain controllers that do not replicate from Active Directory. To do this, we need to remove the replication links. Open cmd and enter the following command:
repadmin /showreps
Now we see the replication site addresses. Use the following example to delete them:
repadmin /delete CN=schema,CN=configuration,DC=Hinza,DC=local /localonly
Repeat this command for as many links as you have.
The last solution is to clear the additional domain controller's metadata. This metadata is stored in two places.
* Before starting this step, note that if the ADCs are available, you should transfer all 5 master roles to the full DC you wish to keep; if the ADCs are not available, you should seize the roles to the full DC.
Part One: Active Directory Users and Computers console:
In the Run window, type dsa.msc to open this console, delete the additional DC's computer account from the Domain Controllers folder, and select the option below.
This domain controller is permanently offline and can no longer be demoted using the Active Directory domain controller service installation wizard (DCpromo).
Part Two: Active Directory Sites and Services Console:
In the Run window, type dssite.msc and open the console. The console lists the different sites. Open the site that contains the server you want to delete, first delete its NTDS Settings object, then delete the server, and then restart the server. After running the dcdiag /test:ridmanager /v command again, you will see that the problem is fixed. You can now add additional servers to the collection again.
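
The role check from the note before Part One and the dcdiag verification from the last step can be scripted. The following PowerShell is an added example, not part of the original article; it only reads state and changes nothing. It assumes the RSAT ActiveDirectory module is installed, and DC01.Hinza.local is a hypothetical name for the full DC being kept.

```powershell
# Added example: read-only checks around the metadata cleanup described above.
# 'DC01.Hinza.local' is a hypothetical name for the full DC being kept.
param([string]$KeepDc = 'DC01.Hinza.local')

Import-Module ActiveDirectory   # RSAT Active Directory module (assumed installed)

$domain = Get-ADDomain -Server $KeepDc
$forest = Get-ADForest -Server $KeepDc

# The five master roles and the DC that currently holds each one.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize

# Any role still held elsewhere must be transferred (or seized) first.
$elsewhere = @($roles.GetEnumerator() | Where-Object { $_.Value -ne $KeepDc })
if ($elsewhere.Count -gt 0) {
    Write-Warning "Roles not on ${KeepDc}: $($elsewhere.Name -join ', ')"
    Write-Warning 'Transfer or seize these roles before deleting DC metadata.'
    return
}

# Run the same RID manager test the article uses, against the kept DC.
$diag = & dcdiag.exe "/s:$KeepDc" /test:ridmanager /v

# Show the RID pool lines so the allocation state is visible.
$diag | Select-String -Pattern 'Pool|rIDNextRID' | ForEach-Object { $_.Line.Trim() }

if ($diag -match 'failed test RidManager') {
    Write-Warning 'RidManager test still failing; RID allocation is not healthy.'
} elseif ($diag -match 'passed test RidManager') {
    Write-Output 'RidManager test passed.'
} else {
    Write-Warning 'No RidManager result found in the dcdiag output.'
}
```

Run it once before deleting the metadata to confirm where the roles are, and once after the restart to confirm the RidManager test passes.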