Windows 7 domain join fails with error “The directory service was unable to allocate a relative identifier."


Symptoms


When you attempt to join a Windows 7 computer to an Active Directory domain, you may receive the following error:
The following error occurred attempting to join the domain. The directory service was unable to allocate a relative identifier.

When you view the %windir%\debug\netsetup.log on the computer attempting to join the domain, you may see the following output:

05/18/2010 14:40:33:577 NetpManageMachineAccountWithSid: NetUserAdd on 'W2k3R2-Dc1.contoso.com' for 'test-PC$' failed: 0x2010
05/18/2010 14:40:33:577 NetpProvisionComputerAccount: retry status of creating account: 0x2010
05/18/2010 14:40:33:577 ldap_unbind status: 0x0
05/18/2010 14:40:33:577 NetpJoinDomainOnDs: Function exits with status of: 0x2010
05/18/2010 14:40:33:577 NetpJoinDomainOnDs: status of disconnecting from '\\W2k3R2-Dc1.contoso.com': 0x0
05/18/2010 14:40:33:577 NetpDoDomainJoin: status: 0x2010

The error code 0x2010 maps to "The directory service was unable to allocate a relative identifier" (ERROR_DS_NO_RIDS_ALLOCATED).

When you run dcdiag /v on the authenticating domain controller you may see the following error:

Starting test: RidManager

         * Available RID Pool for the Domain is 6603 to 1073741823
         * DC1 is the RID Master
         * DsBind with RID Master was successful
         Warning: attribute rIdSetReferences missing from

         CN=DC1,OU=Domain Controllers,DC=contoso,DC=com

         Could not get Rid set Reference :failed with 8481:

         The search failed to retrieve attributes from the database.

         ......................... <DCName> failed test RidManager

Cause


This issue can occur if the rIDSetReferences attribute value is not set. The attribute must be set for the domain join operation to succeed.

Resolution


To resolve this issue, perform the following steps:

  1. Logon to the domain controller using the Schema Administrator account.

  2. Click Start, select Run, type LDP and clickOK.

  3. In the LDP tool, select Connection and click Bind.

  4. From the Browse menu, select Modify.

  5. In the Modify dialog box, leave the DN field blank, and typeschemaUpgradeInProgress in the Attribute field. In theValue field, enter the number 1.

  6. Click Enter, and then click Run.

  7. Select CN=<DC name>,OU=Domain Controllers,DC=<domain name>,DC=com, clickModify and set the rIDSetReferences attribute with to the following value:

CN=RID Set,CN=<DC name>,OU=Domain Controllers,DC=<domain name>,DC=com

For example:

CN=RID Set,CN=DC1,OU=Domain Controllers,DC=Contoso,Dc=com

8. In the LDP tool, select Connection and click Disconnect. This will reset schemaUpgradeInProgress to the default.