RID pool depleted?

Whoa, what happened? I was about to install new software in my home domain that required a service account, so I tried to run New-ADServiceAccount, but I got:

So why does my domain leak like a sieve?

Let's run dcdiag on it:

Guess what, there are still RIDs available. But a Microsoft blog stated that between 1999 and 2011 the Microsoft corporate AD used 8 million RIDs. That makes me a bigger consumer of RIDs than Microsoft itself. Go me.

Now let's see what ranges the different servers have. Not all of these values are replicated to every domain controller, so unless the query is run against each domain controller individually the picture will be incomplete.
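The query below is an added example, not the script from the original post. It reads the domain-wide pool from the RID Manager object on the RID master and then the per-DC RID Set from each domain controller directly, because rIDPreviousAllocationPool and rIDNextRID are not replicated. It assumes the ActiveDirectory module (RSAT) is installed and that the caller can read the domain partition on every DC; `dcdiag /test:RidManager /v` shows the same numbers for one DC at a time.

```powershell
# Added example (not code from the original post): RID pool state from every DC, side by side.
# Assumes the ActiveDirectory module is available and every DC is reachable over LDAP.
Import-Module ActiveDirectory

function ConvertFrom-RidPool {
    # rIDAllocationPool, rIDPreviousAllocationPool and rIDAvailablePool are 64-bit values:
    # the low 32 bits hold the first RID of the range, the high 32 bits hold the last one.
    param([Int64]$Value)
    [PSCustomObject]@{
        Start = $Value -band 0xFFFFFFFF
        End   = ($Value -shr 32) -band 0xFFFFFFFF
    }
}

function Get-RidPoolReport {
    $domain = Get-ADDomain

    # Domain-wide pool. Lives on the RID Manager object and is written only by the RID master:
    # Start = first RID of the next block it will hand out, End = ceiling for the whole domain.
    $mgr = Get-ADObject -Server $domain.RIDMaster `
        -Identity "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" `
        -Properties rIDAvailablePool
    $avail = ConvertFrom-RidPool $mgr.rIDAvailablePool
    Write-Host ("RID master {0}: next block starts at RID {1}, domain ceiling is {2}" -f `
        $domain.RIDMaster, $avail.Start, $avail.End)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Read each DC's own RID Set from that DC. rIDNextRID and rIDPreviousAllocationPool
        # are not replicated, so asking another DC gives stale or empty values.
        $computer = Get-ADObject -Identity $dc.ComputerObjectDN -Server $dc.HostName `
            -Properties rIDSetReferences
        $set = Get-ADObject -Identity ([string]$computer.rIDSetReferences) -Server $dc.HostName `
            -Properties rIDAllocationPool, rIDPreviousAllocationPool, rIDNextRID, rIDUsedPool

        $current = ConvertFrom-RidPool $set.rIDPreviousAllocationPool  # pool RIDs are issued from now
        $standby = ConvertFrom-RidPool $set.rIDAllocationPool          # pool reserved for when it runs dry

        [PSCustomObject]@{
            DC          = $dc.Name
            CurrentPool = "{0}-{1}" -f $current.Start, $current.End
            NextRID     = $set.rIDNextRID
            LeftInPool  = $current.End - $set.rIDNextRID   # rough remaining count in the active pool
            StandbyPool = "{0}-{1}" -f $standby.Start, $standby.End
        }
    }
}

Get-RidPoolReport | Format-Table -AutoSize
```

A DC that keeps requesting new pools will show its CurrentPool start creeping towards the RID master's "next block" value far faster than the object count on that DC explains; that is the DC to look at first.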

After running that in my environment I see that dc01 has a high RID number and is the only one that does, so let's look at the logs on that machine. Going through the whole log would take a while, so let's filter for only the events that consume RIDs. Below is a list of events that should require a RID.

Event ID Message
4783 A basic application group was created.
4790 An LDAP query group was created.
4741 A computer account was created.
4744 A security-disabled local group was created.
4749 A security-disabled global group was created.
4759 A security-disabled universal group was created.
4727 A security-enabled global group was created.
4731 A security-enabled local group was created.
4754 A security-enabled universal group was created.
4720 A user account was created.

To simplify this I have created a simple XML query filter that you can use. Download XML Filter here.
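The script below is an added example and is not the downloadable XML filter from the post. It builds the same kind of Event Viewer XPath query from the ID table above, pulls matching events from one DC's Security log and summarises them by event ID and by the account that did the creating. The DC name `dc01` is a placeholder; it assumes the caller can read the remote Security log (Event Log Readers membership and the remote event log firewall rule).

```powershell
# Added example (not the post's XML filter): RID-consuming creation events from a DC's Security log.
# Assumes remote event log access to the target DC; 'dc01' below is a constructed placeholder.
$RidEventIds = @{
    4720 = 'User account created'
    4727 = 'Security-enabled global group created'
    4731 = 'Security-enabled local group created'
    4741 = 'Computer account created'
    4744 = 'Security-disabled local group created'
    4749 = 'Security-disabled global group created'
    4754 = 'Security-enabled universal group created'
    4759 = 'Security-disabled universal group created'
    4783 = 'Basic application group created'
    4790 = 'LDAP query group created'
}

function Get-RidConsumingEvents {
    param(
        [string]$ComputerName = 'dc01',   # placeholder, replace with the suspect DC
        [int]$LookbackDays = 30
    )
    # Same query an Event Viewer XML filter would contain, generated from the ID table
    # so the two cannot drift apart. timediff() is in milliseconds.
    $idClause = ($RidEventIds.Keys | Sort-Object | ForEach-Object { "EventID=$_" }) -join ' or '
    $windowMs = [int64]$LookbackDays * 24 * 60 * 60 * 1000
    $filterXml = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[($idClause) and TimeCreated[timediff(@SystemTime) &lt;= $windowMs]]]
    </Select>
  </Query>
</QueryList>
"@
    # Get-WinEvent reports "no events found" as an error; an empty log is a valid answer here.
    $events = @(Get-WinEvent -ComputerName $ComputerName -FilterXml $filterXml -ErrorAction SilentlyContinue)
    if ($events.Count -eq 0) {
        Write-Warning "No RID-consuming events on $ComputerName in the last $LookbackDays days (empty or cleared log?)."
        return
    }

    $events | ForEach-Object {
        # Pull the named EventData fields out of the event XML.
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [PSCustomObject]@{
            Time      = $_.TimeCreated
            EventId   = $_.Id
            What      = $RidEventIds[$_.Id]
            Target    = $data['TargetUserName']    # the object that got the new RID
            CreatedBy = $data['SubjectUserName']   # who asked for it
        }
    }
}

$rows = Get-RidConsumingEvents -ComputerName 'dc01' -LookbackDays 30
$rows | Group-Object EventId | Sort-Object Count -Descending | Select-Object Name, Count
$rows | Group-Object CreatedBy | Sort-Object Count -Descending | Select-Object -First 5 Name, Count
```

If the event counts are nowhere near the number of RIDs the DC has consumed, the RIDs are being burned without successful object creations, which is exactly the situation the rest of this post runs into.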

All I found was an empty security log:

Since the security log has no matching entries, we can say that this server isn't currently creating lots of RID-consuming objects. But it could also be that nothing can be created on that server at all, so let's reboot the domain controller. Well, that didn't help either.

After digging a bit further I found KB article 2618669. The following symptoms are listed:

  • The dcdiag error message I showed earlier in this post.
  • Larger RID usage than expected.
  • Continuing increase in RID usage.

After running Get-Hotfix to see whether it was installed, I noticed that my server at home hadn't been patched since it was installed.

Now for the big patch race:

  • First run: 96 patches.
  • Second run: 2 patches.
  • Third run: 1 patch (the special one from KB2618669).
  • After applying all the patches I could finally create my account on this server.

Sources:
