+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 18
Windows Thread, Cannot create users in Active Directory in Technical; We have just ghosted our Windows Server 2003 DC onto bigger hard drives. All work fine, RAID ok, etc... ... ...
  1. #1
    WithoutMotive's Avatar
    Join Date
    Feb 2006
    Location
    Wigan, UK
    Posts
    629
    Thank Post
    41
    Thanked 48 Times in 42 Posts
    Rep Power
    27

    Cannot create users in Active Directory

    We have just ghosted our Windows Server 2003 DC onto bigger hard drives. All work fine, RAID ok, etc...
    ... until I go to add our new Year 7 users.

    Active Directory just will not let me add a single user.
    It comes up with the message "Windows cannot create the object because the Directory Service was unable to allocate a relative identifier"

    I have been here: http://www.netpro.com/forum/messagev...7&threadid=201

    ...and here: http://support.microsoft.com/kb/839879/en-us

    and tried the suggestions but I STILL can't add any users.

    Any suggestions? :?

  2. #2
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,484
    Thank Post
    10
    Thanked 502 Times in 442 Posts
    Rep Power
    114

    Re: Cannot create users in Active Directory

    Is it the only DC? Are there any errors in the logs from NTDS? Ghosting and moving VM DCs is not supported and I have had one become out of sync with the other DC.

  3. #3

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    16,234
    Thank Post
    894
    Thanked 1,780 Times in 1,534 Posts
    Blog Entries
    12
    Rep Power
    462

    Re: Cannot create users in Active Directory

    did you sort your problem out?

  4. #4

    Join Date
    Jun 2005
    Posts
    39
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    I reinstalled a DC with same name without demoting first

    Ihave a little problem similar to above.

    One of our domain controllers wouldnt boot in to windows after christmas so i quickly reinstalled it and recreated all the shares.

    I gave the server the same name as it was before and executed dcpromo.
    thios all seemed to work fine until now.

    I cant seem to create any users in active directory on that server anymore

    I am also having problems replication problems on that server now

    Has anyone had any similar problems like this and know any work arounds.

    Any help will be appreciated.

    Thanks

  5. #5

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,217
    Thank Post
    116
    Thanked 332 Times in 274 Posts
    Blog Entries
    4
    Rep Power
    115
    MM, when you rebuilt it did you first remove all mentions of that DC from Active Directory? If not I suspect you're going to be hitting a lot of problems.

    It'd also be worth checking where your AD believes the FSMO roles to be held at the moment.

  6. #6

    Join Date
    Jun 2005
    Posts
    39
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    i removed the server 3 in active directory just by right clicking the server and pressing delete. i thought that this should be sufficient.

    whats the best way on checking where the Fsmo role are?

  7. #7

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,217
    Thank Post
    116
    Thanked 332 Times in 274 Posts
    Blog Entries
    4
    Rep Power
    115
    Check in Active Directory Sites and Services I believe.

    I suspect you'll end up needing to remove the DC fully, then rebuild it as a brand new DC with a different name. You can get away with reintroducing it as the same one when you're restoring from a backup, not so much with a reinstall.

  8. Thanks to jamesb from:

    MManjra (5th February 2009)

  9. #8

    Join Date
    Dec 2008
    Location
    Plymouth
    Posts
    63
    Thank Post
    6
    Thanked 10 Times in 7 Posts
    Rep Power
    14
    Based on what you've posted, it seems you've lost at the very least your RID Master FSMO role, which means you're in for a jolly old time! To put it into perspective, and without trying to frighten you, you will need to make repairs to the heart of AD now. As ever with major AD changes, do ensure you use NTBackup to make system state backups of all your DC's before attempting this. That way you have an escape route in place!

    It IS possible to recover FSMO roles, but to do so you need to ensure there isn't a server on the network now with the same name as any DC that held any of the lost FSMO roles.

    Also remember: NEVER seize FSMO roles unless you truly have no other choice. It is always a last-option scenario.

    Having said that, you can find some decent information on FSMO roles and how to deal with them here: Determining FSMO Role Holders

    At the end of the very detailed article there are more links to articles that teach you about seizing FSMO roles.

    Good luck!

  10. Thanks to Tamarside from:

    MManjra (5th February 2009)

  11. #9

    Join Date
    Jun 2005
    Posts
    39
    Thank Post
    4
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    what if i demote the server and rename it to something else then promote it again, do think that could cure this? i might give that a go first if that fails then it will have to be a fresh install.

  12. #10

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,217
    Thank Post
    116
    Thanked 332 Times in 274 Posts
    Blog Entries
    4
    Rep Power
    115
    I suspect the problem isn't so much the new server, as the old one. Demoting a new one with the same name will most likely only make the problem worse.

    To remove all traces of the failed domain controller you may want to look at this article: How to remove data in Active Directory after an unsuccessful domain controller demotion

  13. #11

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,266
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    I'm a little baffled - if you performed a disk image, it should of created an exact copy of your original drive.

    Realistically there are two solutions to your problem. Firstly check the FSMO roles. Either put your original drive back in and transfer server roles to another DC on your network, in addition to the Global Catalog. More than likely DNS is AD integrated (hopefully), so you just have DHCP to transfer too.

    Alternatively, perform a System State restore on your new drive from either a file or backup tape. This should (in theory) work.

  14. #12

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,217
    Thank Post
    116
    Thanked 332 Times in 274 Posts
    Blog Entries
    4
    Rep Power
    115
    Quote Originally Posted by Michael View Post
    I'm a little baffled - if you performed a disk image, it should of created an exact copy of your original drive.
    If you look at MManjra's post rather than the OP's then you'll see that he performed a reinstall rather than an image. The thread's gone a little adrift from the original topic.

  15. #13

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,266
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Ahh thanks Jamesb, makes more sense now. If MManjra's re-installed Server 2003 from new, you just need to give it the same computer name and IP address, then perform a System Restore along with the System State (very important), reboot and the server should be back online.

  16. #14

    Join Date
    Mar 2008
    Location
    Surrey
    Posts
    2,217
    Thank Post
    116
    Thanked 332 Times in 274 Posts
    Blog Entries
    4
    Rep Power
    115
    Quote Originally Posted by Michael View Post
    Ahh thanks Jamesb, makes more sense now. If MManjra's re-installed Server 2003 from new, you just need to give it the same computer name and IP address, then perform a System Restore along with the System State (very important), reboot and the server should be back online.
    I have the feeling that there's no system state backup, or other backup, otherwise I doubt a reinstall would be used.

    Thing is that even if there is a backup it could well be corrupted, looking at the original error.

    But yep, in any other case yours is by far and away the easiest fix.

  17. #15

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,266
    Thank Post
    242
    Thanked 1,575 Times in 1,254 Posts
    Rep Power
    341
    Realistically then I see no other way but to re-create the domain from scratch which is a massive job!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Active Directory-Script for Creating Bulk Users
    By calapso in forum How do you do....it?
    Replies: 8
    Last Post: 14th January 2009, 06:32 PM
  2. Importing new users into Active Directory
    By Mr_M_Cox in forum How do you do....it?
    Replies: 16
    Last Post: 4th November 2008, 11:36 AM
  3. Replies: 2
    Last Post: 28th November 2007, 04:40 PM
  4. PDA and Active Directory
    By localzuk in forum Windows
    Replies: 4
    Last Post: 10th October 2007, 03:54 PM
  5. TeraStation and Active Directory
    By mmoseley in forum Hardware
    Replies: 4
    Last Post: 6th September 2007, 01:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •