
I have a parent-child domain in my network. The parent is situated in another geographical location, and the two are connected via VPN. I was working on a bare-metal backup and restore process and ran into issues after taking a backup of the child domain and restoring it on separate hardware, which I did not connect to the same network as the parent.

(Note : the restoration was successful)

The issues I faced after restoring are listed below. (Note: I did not connect it to the same network as the parent.)

  1. After the restoration process we found that Active Directory, DNS & DHCP were fully functional.

  2. We found some issues with Active Directory, as we could not create a new user account or computer object in Active Directory.

  3. The existing domain user accounts could not log in to the workstation.

  4. Is connectivity to the parent required after restoration of the child domain?

...

I would really appreciate it if someone could shed some light on this matter.

1 Answer


I'm going to quote from a KB article that comes up when I search for your error message, "Windows cannot create the object (name of the object) because:The directory services was unable to allocate a relative identifier":

This problem may occur if the domain controller that held the operations master role (also known as flexible single master operations or FSMO) of RID Master was removed from the domain and restored from backup. If the role of RID Master was forced onto another domain controller as a temporary replacement, when the original RID Master is restored and returned to the domain, it does not replicate with its direct replication partner and does not reclaim the role of RID Master.

Windows 2000 Service Pack 3 and Windows Server 2003 introduced features designed to help avoid the adverse effects of duplicate operations master roles existing in the same forest or domain. Domain controllers perform an initial synchronization at startup on each naming context hosted on a particular domain controller. A domain controller that holds the Schema Master, Domain Naming Master, RID Master, PDC emulator, or the Infrastructure Master role does not assume ownership of the role until it synchronizes with at least one neighbor for each writeable naming context.

This article is actually for 2000 and 2003, but it certainly sounds similar to your situation. A TechNet article says,

The new DC has not gotten an allocation of RID's from the RID Master. Perhaps this DC cannot communicate with the RID Master, perhaps because of DNS problems. Do you get errors when you run dcdiag on the DC?

and suggests that you run the command netdom query fsmo to find the RID Master. I suspect that it's going to tell you that the restored DC isn't the RID master for the Child domain, and/or that it refuses to take on the role of RID master until it "speaks" to at least one other DC.

Katherine Villyard
  • I think he's going to find that the domain controller he backed up and restored didn't/doesn't hold the RID master FSMO role. It's (typically) a domain-specific FSMO role, so unless he backed up and restored ALL of the domain controllers for that domain, there likely just isn't a domain controller in that domain holding the RID Master role currently. He should seize the RID (and all other FSMO roles) on the now separated domain/domain controller to get back up and running. That being said, I would not have recommended doing a domain migration this way. – Cory Plastek Jan 02 '15 at 18:28
  • I think you're right, and I wouldn't have done it that way, either. It sounds like he doesn't have multiple DCs in Child, but I shouldn't assume that. I'll edit my answer; thanks. – Katherine Villyard Jan 02 '15 at 20:02
  • @Cory Plastek No, I am not migrating a domain; I was just testing whether the backup can be restored properly with no errors (as I am new to this). – Samuel Fernandes Jan 05 '15 at 13:46
  • @Katherine Villyard Yes, I do have an ADC in my child domain, but as the parent doesn't have the backup of my current DC's Active Directory & DNS, I need some redundancy. I am also facing a replication problem, but that is another matter, as well as a memory leak issue in my ADC, and I cannot find which process is causing it. – Samuel Fernandes Jan 05 '15 at 13:55
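
The check suggested in the answer above can be scripted as follows. This is an added example, not part of the original question, answer or comments. It assumes an elevated PowerShell session on the restored DC with the ActiveDirectory module installed, and it uses an ICMP ping as a rough reachability test, which is an assumption about what the lab network allows.

```powershell
# Added example: report which DC holds each FSMO role from the restored DC's
# point of view, and whether that holder can be reached from the restore network.
Import-Module ActiveDirectory

$localDc = $env:COMPUTERNAME

# Query the local directory copy explicitly; in an isolated restore no other DC answers.
$domain = Get-ADDomain -Server $localDc
$forest = Get-ADForest -Server $localDc

# Domain-wide roles come from the domain object, forest-wide roles from the forest object.
$roles = [ordered]@{
    'RID Master'            = $domain.RIDMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'Infrastructure Master' = $domain.InfrastructureMaster
    'Schema Master'         = $forest.SchemaMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    $holder  = $role.Value
    # Compare the host part of the holder's FQDN with this machine's name.
    $isLocal = ($holder -split '\.')[0] -ieq $localDc
    # A holder on this machine is trivially reachable; otherwise try one ping.
    $reachable = $isLocal -or
        (Test-Connection -ComputerName $holder -Count 1 -Quiet -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Role        = $role.Key
        Holder      = $holder
        HeldLocally = $isLocal
        Reachable   = $reachable
    }
}

$report | Format-Table -AutoSize

# Any role whose holder is neither local nor reachable cannot be serviced in the
# isolated restore; an unreachable RID Master matches the RID allocation error.
$report | Where-Object { -not $_.Reachable } | ForEach-Object {
    Write-Warning "$($_.Role) holder $($_.Holder) is not reachable from $localDc"
}

# Native tools named in the answer, for comparison with the table above.
netdom query fsmo
dcdiag /test:RidManager /v
```

A role shown as held locally can still be inactive: as the quoted KB text explains, a restored role holder does not assume ownership until it has completed initial synchronization with a neighbor.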