DCs Setup for Relative Identifier (RID) Master
- When an object which is a security principal (such as user, computer or security group) is created on a DC, a security identifier or SID is assigned to the object.
- The SID is made up of the Domain’s SID + a relative identifier.
- Each DC in the domain is assigned a unique RID pool in blocks of 500.
- When the RID pool is 50% saturated, the DC requests a new block from the RID master.
- Without a functioning RID Master, nothing is affected until a DC’s RID pool is exhausted.
- In which case you will have to create these type of objects on another DC in the same domain.
- If all DCs in the domain exhausted their RID pool, then no new objects of this type can be created.