To add to this, I let my script continue until the rIDNextRID reached the end of
the pool. This caused a waste of about 129,000 RID's.
This concerns me because Microsoft has used 8 billion RID's in 12 years
(http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx),
and I have burned through almost 5 million in less than a year - and my
organization is nowhere near the size of M$.
With Samba not supporting domain trusts, there is no ability to migrate users to
a new domain, so if this is to continue and cause an excessive RID pool
depletion, the missing domain trust feature of Samba will leave users dead with
no way to get users onto a new domain with a fresh RID pool.
== Thu Jul 11 20:56:55 EDT 2013 ====================dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
rIDAvailablePool: 4889100-1073741823
dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
rIDPreviousAllocationPool: 4760100-4760599
rIDUsedPool: 38
rIDAllocationPool: 4889100-4889599
rIDNextRID: 4760598
== Thu Jul 11 20:56:57 EDT 2013 ====================dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
rIDAvailablePool: 4890100-1073741823
dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
rIDAllocationPool: 4889600-4890099
rIDPreviousAllocationPool: 4889600-4890099
rIDUsedPool: 39
rIDNextRID: 4889601
On Jul 11, 2013, at 7:54 PM, Kristofer <kristofer at cybernetik.net>
wrote:
> I have a script that is adding about 16,000 users to my domain.
>
> While monitoring the script, I noticed that as soon as a user is added, 500
additional RID's are allocated from the RID Master
>
> Please see below the output of the "CN=RID Manager$,CN=System"
and "CN=RID Set,CN=DC1,OU=Domain Controllers" containers between each
user-add
>
> As you can see, in "CN=RID Set,CN=DC1,OU=Domain Controllers"
rIDNextRID increments by one between each user, but there is a new
rIDAllocationPool each time. And to match that, inside of the "CN=RID
Manager$,CN=System" container the rIDAvailablePool gets depleted by 500
between each new user.
>
> Is this normal behavior, or a bug? I thought the DC only requests 500
additional RID's when it was close to being depleted - not on each object
addition.
>
>
> == Thu Jul 11 20:45:59 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4837600-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4837100-4837599
> rIDNextRID: 4760494
>
> == Thu Jul 11 20:46:10 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4838100-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4837600-4838099
> rIDNextRID: 4760495
>
> == Thu Jul 11 20:46:21 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4838600-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4838100-4838599
> rIDNextRID: 4760496
>
> == Thu Jul 11 20:46:32 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4839100-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4838600-4839099
> rIDNextRID: 4760497
>
> == Thu Jul 11 20:46:44 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4839600-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4839100-4839599
> rIDNextRID: 4760498
>
> == Thu Jul 11 20:46:55 EDT 2013 ====================> dn: CN=RID
Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4840100-1073741823
>
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4839600-4840099
> rIDNextRID: 4760499
>
>