Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Windows 7 domain join fails with error “The directory service was unable to allocate a relative identifier."

Windows 7 domain join fails with error “The directory service was unable to allocate a relative identifier."

Symptoms

When you attempt to join a Windows 7 computer to an Active Directory domain, you may receive the following error:
The following error occurred attempting to join the domain. The directory service was unable to allocate a relative identifier.

When you view the %windir%\debug\netsetup.log on the computer attempting to join the domain, you may see the following output:

05/18/2010 14:40:33:577 NetpManageMachineAccountWithSid: NetUserAdd on 'W2k3R2-Dc1.contoso.com' for 'test-PC$' failed: 0x2010
05/18/2010 14:40:33:577 NetpProvisionComputerAccount: retry status of creating account: 0x2010
05/18/2010 14:40:33:577 ldap_unbind status: 0x0
05/18/2010 14:40:33:577 NetpJoinDomainOnDs: Function exits with status of: 0x2010
05/18/2010 14:40:33:577 NetpJoinDomainOnDs: status of disconnecting from '\\W2k3R2-Dc1.contoso.com': 0x0
05/18/2010 14:40:33:577 NetpDoDomainJoin: status: 0x2010

The error code 0x2010 maps to "The directory service was unable to allocate a relative identifier" (ERROR_DS_NO_RIDS_ALLOCATED).

When you run dcdiag /v on the authenticating domain controller you may see the following error:

Starting test: RidManager

         * Available RID Pool for the Domain is 6603 to 1073741823
         * DC1 is the RID Master
         * DsBind with RID Master was successful
         Warning: attribute rIdSetReferences missing from

         CN=DC1,OU=Domain Controllers,DC=contoso,DC=com

         Could not get Rid set Reference :failed with 8481:

         The search failed to retrieve attributes from the database.

         ......................... <DCName> failed test RidManager

↑ Back to the top

Cause

This issue can occur if the rIDSetReferences attribute value is not set. The attribute must be set for the domain join operation to succeed.

↑ Back to the top

Resolution

To resolve this issue, perform the following steps:

  1. Logon to the domain controller using the Schema Administrator account.

  2. Click Start, select Run, type LDP and clickOK.

  3. In the LDP tool, select Connection and click Bind.

  4. From the Browse menu, select Modify.

  5. In the Modify dialog box, leave the DN field blank, and typeschemaUpgradeInProgress in the Attribute field. In theValue field, enter the number 1.

  6. Click Enter, and then click Run.

  7. Select CN=<DC name>,OU=Domain Controllers,DC=<domain name>,DC=com, clickModify and set the rIDSetReferences attribute with to the following value:

CN=RID Set,CN=<DC name>,OU=Domain Controllers,DC=<domain name>,DC=com

For example:

CN=RID Set,CN=DC1,OU=Domain Controllers,DC=Contoso,Dc=com

8. In the LDP tool, select Connection and click Disconnect. This will reset schemaUpgradeInProgress to the default.

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2028216
Revision : 1
Created on : 1/8/2017
Published on : 10/26/2010
Exists online : False
Views : 140