Microsoft KB Archive/325700

= Event ID 16645 During a Large ADMA Import =

Article ID: 325700

Article Last Modified on 5/28/2003

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Metadirectory Services 2.2 Service Pack 1

-



This article was previously published under Q325700



SYMPTOMS
During the creation of a large number of enabled user objects, you may receive the following Event 16645 error message:

Source: SAM

Category: None

Event ID: 16645

Description: The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.

For example, an attempt to create 250,000 Active Directory accounts from iPlanet in one session might fail after approximately 100,000 users were processed.



CAUSE
As part of an enabled user-object-creation process, a security principal is allocated from the RID pool. If that number of enabled user-object creations is greater than the local RID pool and a request to the RID Master is unable to return a new pool in time, this symptom occurs.



RESOLUTION
To resolve this issue, point ADMA to the RID Master. For additional information about how to point ADMA to the RID Master, click the article number below to view the article in the Microsoft Knowledge Base:

269470 HOW TO: Specify a Specific Domain Controller per Domain in Active Directory Management Agent

This procedure prevents the extra processes that you must have to pull the RID Master across your network after the local RID pool is used up. After the initial load is completed, this is no longer an issue, and the ADMA can be redirected to another domain controller.

Additional query words: mms zoomit

Keywords: kberrmsg kbprb KB325700

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.