Announcement

Collapse
No announcement yet.

Expantion of rid master capacity

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Expantion of rid master capacity

    Hi All!

    Please I need a guide on how to expand RID master capacity more than 500.

    Please let your response be detailed.


    Thanks.

  • #2
    Re: Expantion of rid master capacity

    There is a registry setting (documented here) that can be changed

    However, as with all tinkering with AD, you should ask yourself very carefully "do I really need to do this" and be sure there is a business case for it! Make sure you have backups ( or an offline DC) before you change it

    In general, blocks of 500 RIDs per DC are more than sufficient unless there is bulk creation of large numbers of objects (students at the start of a year, for example)
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Expantion of rid master capacity

      Thanks for your quick response @ Ossian. In a case whereby new recruitment/admission is made with a very large number of users which prompt the need for RID master expansion with available DC in house. How would I go about it.

      Thanks.

      Comment


      • #4
        Re: Expantion of rid master capacity

        Originally posted by azedas101 View Post
        How would I go about it.

        Thanks.
        1) Click on the word "here" in my post above
        (alternatively click on the same link here: http://technet.microsoft.com/en-us/l.../jj574229.aspx)
        2) Scroll down the page till you get to the section "RID Block Size Limit"
        3) Read the section, specifically the warnings if you make the RID pool too large
        4) Read the rest of the article and make sure there are not any unexpected consequences in your infrastructure (about which we know nothing)
        5) Edit the registry on your DCs (or the ones which will be responding to the requests)
        6) A reboot is not specified but may be needed
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Expantion of rid master capacity

          There should never be any reason to increase the number of RIDs allocated at one time. I can create 1500 - 2000 security principals in a single nightly onboarding event. I'd be interested in understanding why you wish to increase the size of the pool.... maybe there is a better way to approach your issue.
          Rules of life:
          1. Never do anything that requires thinking after 2:30 PM
          2. Simplicity is godliness
          3. Scale with extreme prejudice


          I occasionally post using a savantphone, so please don't laugh too hard at the typos...

          Comment


          • #6
            Re: Expantion of rid master capacity

            Have to say, I'm inclined to agree, but since it can be done, someone must have had a reason to do it.

            @azedas101: How many DCs do you have, as each one has its own RID pool
            Also is the RIDMaster FSMO holder in a separate site as if not, it should provide a new 500 block on demand, without any lags.

            Basically, have you actually hit a problem, or do you think you might hit one?
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Expantion of rid master capacity

              I haven't encounter any problem on RID master in creating users. I am only foreseeing. For numbers of DC, I intended 3 in the following design.

              Server1 with the following FSMO:
              1. Domain naming role.
              2. Schema role with GC residing.

              Server2 with the following FSMO:
              1. Infrastructure Master.
              2. PDC Emulator.
              3. RID master.

              Server3 to be a replica DC

              Thanks

              Comment


              • #8
                Re: Expantion of rid master capacity

                If you don't have any current problems, I would not bother fixing them.

                Assuming all three DCs are in the same site, you will be able to create 1500 objects before you run short of RIDs. Assuming the RIDMaster is available (and there is no reason it will not be) the pool will be recreated immediately any one DC runs short.

                The only thing I would suggest is to have more than 1 GC. if it is a single domain forest, all DCs can be GCs. If it is multidomain, IIRC best practice is not to make the InfrastructureMaster a GC
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment


                • #9
                  Re: Expantion of rid master capacity

                  Originally posted by Ossian View Post
                  If you don't have any current problems, I would not bother fixing them.

                  Assuming all three DCs are in the same site, you will be able to create 1500 objects before you run short of RIDs. Assuming the RIDMaster is available (and there is no reason it will not be) the pool will be recreated immediately any one DC runs short.
                  For clarity, the default pool size is 500 and a domain controller will refresh the rid pool when 20% of the pool remains (IIRC - I can look it up if its critical). Unless you are creating objects at a rate that would consume the remaining 100 RIDs on a given DC before the new pool is provided, there is no need to 'customize' your domain. Remember to keep things simple. Once you start changing things - even trivial - they have to become considerations as you scale or as you consider service lifecycle.
                  Rules of life:
                  1. Never do anything that requires thinking after 2:30 PM
                  2. Simplicity is godliness
                  3. Scale with extreme prejudice


                  I occasionally post using a savantphone, so please don't laugh too hard at the typos...

                  Comment

                  Working...
                  X