I've run into a serious issue where a domain controller got corrupted and lost trust with the other domain controllers in my network. Currently, I only have one somewhat functional DC that I pulled from a backup, but when I run the command "dcdiag /test:ridmanager /v", I see an error stating that my "rIDPreviousAllocationPool value is not valid." This corruption means I can't add new domain computers or users, among other things. I've done some research and consulted AI, but I'm looking for a more reliable step-by-step process or any resources that could help fix this issue.
1 Answer
First off, you need to check that your semi-functional DC is the current RID Manager. If it’s not, transfer all FSMO roles to it. The error you’re seeing is normal after a restore if you’re forcing the DC to demote and promote again to get a new RID pool from the RID Master. Here’s a good guide on how to raise RID pools: [AD Forest Recovery Guide](https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-raise-rid-pool). Just remember, this step is to prevent collisions, not to fix existing corruption.

Just to clarify, we have only one DC, and my current values for rIDPreviousAllocationPool and rIDNextRID are both 0, meaning no RIDs are allocated. I've been told that simply raising the RID pool won't address the core issue since it's more about repairing the corrupt RID set on the RID Master.
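
The two things this thread turns on, which DC holds the RID master role and what the RID pool attributes actually contain, can be read without changing anything. The script below is an added example, not part of the original posts; it assumes the ActiveDirectory (RSAT) PowerShell module is available and that it is run on the surviving DC, and its final consistency check is a simplification written for this example, not dcdiag's own logic.

```powershell
# Added example: read-only RID diagnostics; nothing here writes to the directory.
# Assumes the ActiveDirectory (RSAT) module and that it runs on the surviving DC.
Import-Module ActiveDirectory

# RID pool attributes are 64-bit values made of two 32-bit halves.
function Split-RidPool {
    param([Int64]$Value)
    $mask = [Int64][UInt32]::MaxValue
    [pscustomobject]@{
        Low  = $Value -band $mask
        High = ($Value -shr 32) -band $mask
    }
}

$domain = Get-ADDomain
$dc     = Get-ADDomainController -Identity $env:COMPUTERNAME

# 1. Does this DC hold the RID master role?
"RID master: $($domain.RIDMaster)"
"This DC   : $($dc.HostName)"
if ($domain.RIDMaster -ne $dc.HostName) {
    Write-Warning 'This DC is not the RID master.'
}

# 2. Domain-wide pool on the RID Manager$ object:
#    low half = RIDs handed out so far, high half = ceiling for the domain.
$mgrDn = "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)"
$avail = Split-RidPool (Get-ADObject $mgrDn -Properties rIDAvailablePool).rIDAvailablePool
"rIDAvailablePool: $($avail.Low) allocated of $($avail.High)"

# 3. This DC's own RID Set (child of its computer object).
$props  = 'rIDAllocationPool', 'rIDPreviousAllocationPool', 'rIDNextRID'
$ridSet = Get-ADObject "CN=RID Set,$($dc.ComputerObjectDN)" -Properties $props
$cur    = Split-RidPool $ridSet.rIDAllocationPool
$prev   = Split-RidPool $ridSet.rIDPreviousAllocationPool
$next   = [Int64]$ridSet.rIDNextRID
"rIDAllocationPool        : $($cur.Low) to $($cur.High)"
"rIDPreviousAllocationPool: $($prev.Low) to $($prev.High)"
"rIDNextRID               : $next"

# 4. Simple consistency check (this example's assumption, not dcdiag's logic):
#    the previous pool must be a real range and rIDNextRID must fall inside it.
$ok = ($prev.High -gt 0) -and ($prev.Low -le $prev.High) -and
      ($next -ge $prev.Low) -and ($next -le $prev.High)
if (-not $ok) {
    Write-Warning 'RID Set looks invalid: this DC has no usable local RID pool.'
}
```

With the values reported in the follow-up (both attributes at 0), step 4 prints the warning, which matches the dcdiag error in the question.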