I have been following through the Windows 2003 disaster recovery guide recently in preperation for some work I will be completing for a customer. And it talks about raising the available RID pool value. The reason for this is to ensure that no domain controller allocates a RID for a security principal that was created after the backup that was used to restore the domain. Well the procedure for it in the Disaster Recovery document I feel needs a little clarification on the process steps.
The below steps are as listed below to Raise the Rid value
To raise the value of available RID pools
1. At the command prompt, change directories to the folder that contains the Windows Support Tools, type the following command, and then press ENTER:
2. Click Connection, click Connect, type the name of the server of which you want to raise the RID pool, and then click OK.
3. Click Connection, click Bind, type your administrative credentials, and then click OK.
4. Click View, click Tree, and then type the following distinguished name path:
CN=RID Manager$,CN=System,DC=<domain name>
This account has an attribute named rIDAvailablePool. This attribute value maintains the global RID space for an entire domain. The value is a large integer with upper and lower parts. The upper part defines the number of security principals that can be allocated for each domain (0x3FFFFFFF or just over 1 billion). The lower part is the number of RIDs that have been allocated in the domain. To view both parts, in Ldp.exe use the Large Integer Converter command in the Utilities menu.
· Sample Value: 4611686014132422708 (Insert in Large Integer Calculator in the Utilities menu of Ldp.exe)
· Low Part: 2100 (Beginning of next RID pool to be allocated)
· Upper Part: 1073741823 (Total number of RIDS that can be created in a domain)
When you increase the value of the large integer, you increase the value of the low part. For example, if you add 100,000 to the sample value of 4611686014132422708 for a sum of 4611686014132522708, the new low part will be 102100. This indicates that the next RID pool that will be allocated by the RID master will begin with 102100 instead of 2100.
5. Click Browse, and then click Modify.
6. Add 100,000 to the current rIDAvailablePool value, and type the sum into the Values field.
The way I interpret this is to do the following;
a. Cut and paste the number beginning with 4611686014132522708 and paste this into a calculator and add 100,000. Then paste the result in the “rIDAvailablePool” value. Which links up with the step 9 process.
7. In the Dn field, type cn=RID Manager$,cn=System,dc=<domain name>.
8. In the Edit Entry Attribute field, type rIDAvailablePool.
9. Select Replace as the operation, and then click Enter.
10. Click Run to run the operation.
Hope this clarifies the steps.