18.104.22.168 RID Master FSMO Role
The RID Master FSMO role owner is the single DC responsible for processing RID pool requests from all DCs within a given domain. It is also responsible for moving an object from one domain to another during an interdomain object move.
When a DC creates a security principal object such as a user or group, it attaches a unique SID to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in a domain.
RIDs are allocated from a RID pool that is controlled by the RID Master FSMO. When a new domain is created, the rIDAvailablePool attribute on the RID Manager object is set to a value of 4611686014132421709. This value defines the minimum and maximum RIDs that will be allocated by the RID Master FSMO within the domain. See [MS-DRSR] section 22.214.171.124.12 for details on how this attribute is used by the RID Master FSMO. Each DC in the domain is then allocated a pool of RIDs that it is allowed to assign to the security principals it creates.
When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID Master FSMO role owner (see [MS-DRSR] section 126.96.36.199.3, PerformExtendedOpRequestMsg with ulExtendedOp = EXOP_FSMO_RID_REQ_ROLE). The RID Master FSMO role owner responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC (see [MS-DRSR] section 188.8.131.52.12, ProcessFsmoRoleRequest with ulExtendedOp = EXOP_FSMO_RID_REQ_ROLE). There is one RID Master FSMO role per domain in a directory.
See section 184.108.40.206 for more information about the RID Master's role in interdomain object move operations.