Event ID 16645 During a Large ADMA Import (325700)



The information in this article applies to:

  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2
  • Microsoft Metadirectory Services 2.2 SP1

This article was previously published under Q325700

SYMPTOMS

During the creation of a large number of enabled user objects, you may receive the following Event 16645 error message:
Source: SAM
Category: None
Event ID: 16645
Description: The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.
For example, an attempt to create 250,000 Active Directory accounts from iPlanet in one session might fail after approximately 100,000 users were processed.

CAUSE

As part of an enabled user-object-creation process, a security principal is allocated from the RID pool. If that number of enabled user-object creations is greater than the local RID pool and a request to the RID Master is unable to return a new pool in time, this symptom occurs.

RESOLUTION

To resolve this issue, point ADMA to the RID Master. For additional information about how to point ADMA to the RID Master, click the article number below to view the article in the Microsoft Knowledge Base:

269470 HOW TO: Specify a Specific Domain Controller per Domain in Active Directory Management Agent

This procedure prevents the extra processes that you must have to pull the RID Master across your network after the local RID pool is used up. After the initial load is completed, this is no longer an issue, and the ADMA can be redirected to another domain controller.

Modification Type:MajorLast Reviewed:5/28/2003
Keywords:kberrmsg kbprb KB325700