Export (0) Print
Expand All invalidateRidPool

This operation causes the DC to discard its current pool of RIDs, used for allocating security principals in the directory. The DC requests a fresh pool of RIDs from the DC that owns the RID Master FSMO, per the procedure documented in [MS-DRSR] section (PerformExtendedOpRequestMsg, ulExtendedOp = EXOP_FSMO_REQ_RID_ALLOC). The LDAP Operations returns success when the RID pool has been invalidated. Obtaining a fresh pool of RIDs from the DC that owns the RID Master FSMO is an asynchronous operation.

The requester must have the "Change-RID-Master" control access right on the RID Manager object, which is the object referenced by the rIDManagerReference attribute located on the root of the domain NC. The requester must also have read permission on the previously mentioned rIDManagerReferenceattribute. This operation cannot be performed on an RODC; an RODC returns the error unwillingToPerform / ERROR_INVALID_PARAMETER.

In order to perform this operation, the requester provides the domain'sSID, in binary format (defined in [MS-DTYP] section 2.4.2), as the value of the modify operation.

The following shows an LDIF sample that performs this operation. LDIF requires that binary values, like the domain SID, be base-64 encoded.

changetype: modify
add: invalidateRidPool
invalidateRidPool:: base-64 encoding of the binary-format domain SID
© 2014 Microsoft