Topic Last Modified: 2005-11-17

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value of the fSMORoleOwner attribute of the relative ID (RID) operations master in the Domain Naming Context. For example, in a domain called contoso.com, fSMORoleOwner for the RID operations master is an attribute of CN=RID Manager$, CN=System, DC=contoso, DC=com. The Exchange Server Analyzer then tries to open a Lightweight Directory Access Protocol (LDAP) connection to TCP port 389 on the domain controller that currently holds this role. If the Exchange Server Analyzer cannot connect to this domain controller, an error is displayed.

The RID master allocates relative IDs to all domain controllers to ensure that all security principals have a unique identifier. You can create a new security principal object (user, group, or computer) on any domain controller. When you create a security principal object, the domain controller attaches a unique security identifier (SID) to the object. There are four elements of a domain SID, one of which is the RID for the domain. The RID operations master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any time, there can be only one domain controller acting as the RID master in the domain.

To correct this error

  1. Verify that the directory server specified in the error is online and accessible by Exchange servers in your organization.

  2. If this directory server has been decommissioned, you must assign the RID master role to another domain controller.

For more information about transferring the RID operations master role from one domain controller to another domain controller, see the following Microsoft Knowledge Base articles: