AD limits

[Mathieu]

Hi,

In a school, I administer 3 computerrooms with about 100 clients and one
domaincontroller and one domain.

The computers are in use from 8 am till 10 pm. There are more then 1200
users. They all have there own account, and are in about 70 OU's in AD.

Is AD limited?
I have an 16645 error now, where I have contacted MS to solve the problem.
In Microsoft Knowledge Base Article - 316201, MS says:

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products
that are listed at the beginning of this article.

Do they give me the help for free?

Can the problem have a influence on the network speed?

Thanks for your help

Mathieu

 

[Matjaz Ladava [MVP]]

No Ad is not limited in any way. there are AD configurations that hold 10
mio objects and they work.
What you are seeing is, that your RID master is not available and that your
DC can not get a new pool of RID's to create new user accounts. Run netdom
query fsmo on your DC (netdom is located on Support tools) and locate the
server that holds RID master role. This server is responsible for giving out
RID pools (500 at once) to other servers, so that they can create user
accounts.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 

[Mathieu]

Hi,

The AD users and computerd snap in disappears sometimes. Then I have to
restart the server and AD finds the domain back again.
In AD Sites and ... all seames to be all right. The domain and forest are
active.
Is it possible that DNS is involved? My server is the only server in the
domain. It does DNS, DHCP for all the clients.
In the network (fysically) there is a second NT4 domain. It gets its IP's
from the W2k dhcp.
In DHCP I gave the w2k server for DNS and the NT4 server in the second place
and than the providers first and second server. I think that is totaly
wrong. Is it not?
In that w2k server I installed TREE network cards. They are all registered
in DNS. Is that wrong to?
When I want to make an account for computer or user on the server itself, I
get the message that AD has made empty the Relative ID's group. And in
eventlog system the 16645 event message.

I think I have mixed up the server to make it faster.
The two domains with other versions are a problem to.

Mathieu

The second domain is for schooladministration.

 

[Matjaz Ladava [MVP]]

Multihomed DC is never a great idea, and it can lead into problems. why do
you need three NIC's is your server also acting as a router ? Generally AD
needs DNS to function properly, so the clients that are authenticating to
your AD need to point their DNS settings to AD DNS server (and of course
server must point its DNS settings to itself). If you are talking to Windows
NT4 domain, then you need to use WINS server to have a proper name
resolution with NT4 domain. You should describe your network topology more
in detail for me to understand your problem.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com

 

[Guest]

Is it safe to remove 2 network cards?

 

[Matjaz Ladava [MVP]]

It depends on what they were used for, but normally you should be ok.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com