The following steps are used to generate a unique RID on a DC configuration.
Let Rid-Set be the directory object referenced in the rIDSetReferences attribute, as stored on the configured computer object for the host server.
Let Rid-Range be the range specified by the rIDPreviousAllocationPool attribute of the Rid-Set object. The lower bound of the Rid-Range is the first 32-bit integer (in little-endian byte order) of the rIDPreviousAllocationPool attribute value. The upper bound of the Rid-Range is the second 32-bit integer (in little-endian byte order).
1. The server MUST generate a 32-bit integer value subject to all of the following constraints:
   - The value MUST be within the Rid-Range.
   - Any value chosen from the Rid-Range that is used for an objectSid value that is successfully committed in a transaction MUST NOT ever be used again for objectSid generation within the current domain.
2. If the constraints in step 1 cannot be satisfied because the rIDPreviousAllocationPool attribute does not exist or because all possible RIDs within the Rid-Range have been consumed:
   - If the rIDAllocationPool attribute of the Rid-Set object exists and has a value different from that of rIDPreviousAllocationPool, the server copies the value of rIDAllocationPool to rIDPreviousAllocationPool, and attempts to generate a 32-bit value according to the constraints in step 1.
   - If the rIDAllocationPool attribute of the Rid-Set object does not exist or has a value identical to that of rIDPreviousAllocationPool, the server MUST call the IDL_DRSGetNCChanges method (as specified in [MS-DRSR] section 4.1.10) to obtain a (new) value for rIDAllocationPool, copy this value to rIDPreviousAllocationPool, and attempt to generate a 32-bit value according to the constraints in step 1. The server MAY also return an error code if the constraints in step 1 cannot be satisfied.<38>
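The procedure above as a small Python model, added here as an illustration and not taken from the specification or from any Microsoft implementation. The `RidSet` class, the `last_rid` counter used to satisfy the no-reuse constraint, and the `request_pool` callback standing in for IDL_DRSGetNCChanges are assumptions; the sample pool value is constructed.

```python
import struct

# Constructed sample: 8-byte pool value covering RIDs 1100 through 1101.
SAMPLE_POOL = bytes.fromhex("4c0400004d040000")

def parse_pool(value):
    """Decode a pool value into (lower, upper): two little-endian 32-bit integers."""
    if len(value) != 8:
        raise ValueError("pool value must be exactly 8 bytes")
    lower, upper = struct.unpack("<II", value)
    if lower > upper:
        raise ValueError("lower bound exceeds upper bound")
    return lower, upper

class RidSet:
    """Toy model of a Rid-Set object (hypothetical, not a directory implementation)."""

    def __init__(self, previous_pool=None, allocation_pool=None, last_rid=None):
        self.previous_pool = previous_pool      # rIDPreviousAllocationPool
        self.allocation_pool = allocation_pool  # rIDAllocationPool
        self.last_rid = last_rid                # assumption: monotonic counter, so no RID repeats

    def _from_current_range(self):
        # Step 1: pick a value inside Rid-Range that has never been handed out.
        if self.previous_pool is None:
            return None
        lower, upper = parse_pool(self.previous_pool)
        candidate = lower if self.last_rid is None else max(lower, self.last_rid + 1)
        if candidate > upper:
            return None  # every RID in the range has been consumed
        self.last_rid = candidate
        return candidate

    def next_rid(self, request_pool):
        rid = self._from_current_range()
        if rid is not None:
            return rid
        # Step 2: roll over to rIDAllocationPool, obtaining a new one first if needed.
        if self.allocation_pool is None or self.allocation_pool == self.previous_pool:
            self.allocation_pool = request_pool()  # stands in for IDL_DRSGetNCChanges
        self.previous_pool = self.allocation_pool
        rid = self._from_current_range()
        if rid is None:
            # The server MAY return an error code in this case.
            raise RuntimeError("constraints in step 1 cannot be satisfied")
        return rid
```

Decoding both pool attributes with `parse_pool` also shows how much of a DC's current range remains, which is the quantity to watch when monitoring for RID pool exhaustion.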