[Samba] Excessive allocations from RID master

Kristofer kristofer at cybernetik.net
Thu Jul 11 19:02:06 MDT 2013 

To add to this, I let my script continue until the rIDNextRID reached the end of the pool.  This caused a waste of about 129,000 RID's.

This concerns me because Microsoft has used 8 billion RID's in 12 years (http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx), and I have burned through almost 5 million in less than a year - and my organization is nowhere near the size of M$.

With Samba not supporting domain trusts, there is no ability to migrate users to a new domain, so if this is to continue and cause an excessive RID pool depletion, the missing domain trust feature of Samba will leave users dead with no way to get users onto a new domain with a fresh RID pool.


== Thu Jul 11 20:56:55 EDT 2013 =====================
dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
rIDAvailablePool: 4889100-1073741823

dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
rIDPreviousAllocationPool: 4760100-4760599
rIDUsedPool: 38
rIDAllocationPool: 4889100-4889599
rIDNextRID: 4760598

== Thu Jul 11 20:56:57 EDT 2013 =====================
dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
rIDAvailablePool: 4890100-1073741823

dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
rIDAllocationPool: 4889600-4890099
rIDPreviousAllocationPool: 4889600-4890099
rIDUsedPool: 39
rIDNextRID: 4889601

On Jul 11, 2013, at 7:54 PM, Kristofer <kristofer at cybernetik.net> wrote:

> I have a script that is adding about 16,000 users to my domain.
> 
> While monitoring the script, I noticed that as soon as a user is added, 500 additional RID's are allocated from the RID Master
> 
> Please see below the output of the "CN=RID Manager$,CN=System" and "CN=RID Set,CN=DC1,OU=Domain Controllers" containers between each user-add
> 
> As you can see, in "CN=RID Set,CN=DC1,OU=Domain Controllers" rIDNextRID increments by one between each user, but there is a new rIDAllocationPool each time.  And to match that, inside of the "CN=RID Manager$,CN=System" container the rIDAvailablePool gets depleted by 500 between each new user.
> 
> Is this normal behavior, or a bug?  I thought the DC only requests 500 additional RID's when it was close to being depleted - not on each object addition.
> 
> 
> == Thu Jul 11 20:45:59 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4837600-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4837100-4837599
> rIDNextRID: 4760494
> 
> == Thu Jul 11 20:46:10 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4838100-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4837600-4838099
> rIDNextRID: 4760495
> 
> == Thu Jul 11 20:46:21 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4838600-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4838100-4838599
> rIDNextRID: 4760496
> 
> == Thu Jul 11 20:46:32 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4839100-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4838600-4839099
> rIDNextRID: 4760497
> 
> == Thu Jul 11 20:46:44 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4839600-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4839100-4839599
> rIDNextRID: 4760498
> 
> == Thu Jul 11 20:46:55 EDT 2013 =====================
> dn: CN=RID Manager$,CN=System,DC=ad,DC=domain,DC=com
> rIDAvailablePool: 4840100-1073741823
> 
> dn: CN=RID Set,CN=DC1,OU=Domain Controllers,DC=ad,DC=domain,DC=com
> rIDPreviousAllocationPool: 4760100-4760599
> rIDUsedPool: 38
> rIDAllocationPool: 4839600-4840099
> rIDNextRID: 4760499
> 
>

More information about the samba mailing list