DCs Setup for Relative Identifier (RID) Master

  • When a security principal (such as a user, computer or security group) is created on a DC, the object is assigned a security identifier (SID).
  • The SID is made up of the domain's SID followed by a relative identifier (RID).
  • Each DC in the domain is assigned a unique RID pool in blocks of 500.
  • When the RID pool is 50% saturated, the DC requests a new block from the RID master.
  • Without a functioning RID Master, nothing is affected until a DC’s RID pool is exhausted.
  • In that case, you will have to create objects of this type on another DC in the same domain.
  • If all DCs in the domain have exhausted their RID pools, then no new objects of this type can be created.
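
A small Python model of the allocation behaviour listed above, added here as an illustration and not taken from Active Directory itself. The class names, the starting RID of 1000, the sample domain SID, and the DC retrying its request on every later creation are assumptions of the model.

```python
BLOCK_SIZE = 500   # RIDs per block, from the list above
REFILL_AT = 0.5    # fraction of the block used before asking for another
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample


class RidPoolExhausted(Exception):
    """Raised when a DC has no RIDs left and cannot get more."""


class RidMaster:
    def __init__(self, first_rid=1000):  # starting RID is an assumption
        self.next_rid = first_rid
        self.online = True

    def allocate_block(self):
        """Hand out the next unique block, or None while the master is down."""
        if not self.online:
            return None
        block = list(range(self.next_rid, self.next_rid + BLOCK_SIZE))
        self.next_rid += BLOCK_SIZE
        return block


class DomainController:
    def __init__(self, name, master):
        self.name, self.master = name, master
        self.current = master.allocate_block() or []
        self.standby = None   # block fetched ahead of need
        self.used = 0         # RIDs consumed from the current block

    def create_principal(self):
        """Assign a SID (domain SID + RID) to a new security principal."""
        if not self.current and self.standby:
            self.current, self.standby, self.used = self.standby, None, 0
        if not self.current:
            raise RidPoolExhausted(f"{self.name}: RID pool exhausted")
        rid = self.current.pop(0)
        self.used += 1
        # At 50% consumption, ask the RID master for the next block.
        if self.standby is None and self.used >= BLOCK_SIZE * REFILL_AT:
            self.standby = self.master.allocate_block()
        return f"{DOMAIN_SID}-{rid}"


def creations_until_exhausted(dc):
    """Count how many more principals this DC can create before it fails."""
    count = 0
    try:
        while True:
            dc.create_principal()
            count += 1
    except RidPoolExhausted:
        return count
```

In this model, a DC that had already fetched its next block before the RID master went offline can create more objects than one that had not reached the 50% mark, so DCs run out at different times during an outage.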