Computers & ProgrammingComputers & NetworkingWindows Server

The RID Master

June 15, 2022

The RID Master is one of the five Flexible Single Master Operations (FSMO) roles found in an Active Directory (AD) forest. There is only one Domain Controller (DC) in each domain that holds this role.

By default, this is the first server that was promoted to a DC in the domain. The main purpose of the RID Master is to allocate sequences of relative IDs to each of the other domain controllers in the same domain. At any given time, only one DC in the domain can hold this role.

Whenever a domain controller creates an object such as a user, group, or computer objects (which are all security principals), the DC will assign the object a unique security ID. This ID consists of a domain security ID which is the same for all of the other security IDs created in the domain, and a relative ID that is unique for each security ID created in the domain.

The RID Master allocates chunks (blocks of 500) of these relative IDs to the DCs as needed. When a particular DC is low or out of relative IDs, it will contact the RID Master to obtain another chunk. The RID Master ensures that the RIDs assigned are not overlapped in any way when they are assigned to the DCs in the domain.

Whenever an object is moved between domains in the same forest, the move should be initiated on the domain controller that is holding this role. You can move objects between domains using movetree.exe or ADTM (Active Directory Migration Tool).

There is no need to delete the object in one domain and recreate it in the other. That action would cause the loss of the security ID mapping to the object. The object will then lose access to resources that were assigned to that security ID.

If the DC for the RID Master was to fail, you probably wouldn’t see the impact right away. You would begin to see the impact on services as DCs begin to replenish their relative IDs. If a DC runs out of relative IDs, it will not allow you to create the security principal (user, group, and computer objects). Transferring the RID Master role can be done while the servers are online or can be seized using the ntdsutil command.

Using the Active Directory Users and Computers snap-in, connect to the target DC. Then, right click the domain object and click on Operations Master.

In the top box, the current DC holding the role should be displayed. In the lower box, you should see the name of the DC to whom you wish to transfer the role.

9Bb387B808Cb4667875D8933F8Dba2Ff

Or, using the ntdsutil.exe command, type roles and hit Enter. Then type connections and hit Enter. Next type connect to server servername and hit Enter. Type quit and hit Enter. The system will bind and continue.

Then type transfer rid master and hit Enter. A confirmation dialog box will be displayed. Click on Yes. The system will provide some feedback in regards to this action.

260Fa0C6B7Bd4A61A7073336Cc00E506

The process of transferring the RID Master role is complete.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Paul Burch
Paul BurchAuthor

Paul is a passionate programmer who enjoys writing about all things technical. He likes getting into the nitty-gritty of technology and describing it in a way that anybody can understand.

Latest Posts
How To Upload Mp3 To Youtube
How To Upload MP3 to YouTube
October 16, 2023
How To See Youtube Thumbnail
How To See YouTube Thumbnail
October 16, 2023
How To Merge Youtube Accounts
How To Merge YouTube Accounts
October 16, 2023
Related Posts
Ajax And Browser Caching Issues
AJAX and Browser Caching Issues
February 11, 2022
Active Directory Search Limit
Active Directory Search Limit
February 23, 2022
How To Automatically Redirect From Http To Https
How to Automatically Redirect From HTTP to HTTPS
February 11, 2022
Scroll to Top