Hi, I'm Henry! I will help you with this.
This is a classic issue when a Domain Controller (DC) cannot contact the RID Master FSMO role holder, or if it is the RID Master itself and has issues. Each DC needs a pool of Relative IDs (RIDs) to create new security principals (users, groups, computers).
Since you've moved the VM, the most likely cause is a networking issue on the guest VM on the new Windows 11 host, preventing it from either functioning correctly as the RID Master or contacting the RID Master (if there are other DCs, though your description sounds like this might be the only one). Before troubleshooting, you can reference these links to check for existing issues:
- https://support.microsoft.com/en-us/topic/error-message-windows-cannot-create-the-object-because-the-directory-service-was-unable-to-allocate-a-relative-identifier-5632c8d6-0cce-60f4-630a-9fe28f72b3ad
- https://learn.microsoft.com/en-us/answers/questions/1256791/directory-service-was-unable-to-allocate-a-relativ
Below are some steps for troubleshooting:
- Check Network Configuration of the VM on the Windows 11 Host:
  - Virtual Switch:
    - Open Hyper-V Manager on the Windows 11 host.
    - Go to the settings of your imported DC virtual machine.
    - Under "Network Adapter," ensure it's connected to a virtual switch that provides the necessary network connectivity.
    - If this DC is meant to be isolated for a lab, an "Internal switch" might be fine, but you need to ensure the DC's IP configuration is self-consistent.
    - If it needs to talk to other machines (even potentially other DCs in the future or clients), ensure the vSwitch is configured correctly (e.g., "External" and bound to a physical NIC if it needs outside access, or a correctly configured "Internal" or "Private" switch).
  - IP Configuration within the DC VM:
    - Log in to the DC virtual machine.
    - Open Command Prompt or PowerShell as an Administrator.
    - Run ipconfig /all.
      - IP Address: Is it set correctly? If it was static, is that IP still valid/non-conflicting in the new virtual network environment?
      - Subnet Mask: Correct?
      - Default Gateway: Correct for its new virtual network? (May not be needed if it's purely internal and only talking to itself/other VMs on the same vSwitch).
      - DNS Servers: This is CRITICAL for a DC.
        - If this is the ONLY DC in the domain: Its primary DNS server must be its own IP address (e.g., if its IP is 192.168.1.10, DNS should be 192.168.1.10) or 127.0.0.1. It should not point to an external DNS server as primary.
        - If there are other DCs (unlikely from your description): It should point to another reliable AD DNS server first, then itself as secondary, or vice-versa.
    - Correct any misconfigurations in the Network Adapter properties within the VM.
    - Try pinging its own IP address: ping <DC_IP_Address>
    - Try pinging 127.0.0.1
- Check DNS Resolution within the DC VM:
  - Still within the DC VM's command prompt:
    - nslookup <your_domain_name> (e.g., nslookup mylab.local)
    - nslookup <dc_hostname>
  - These should resolve correctly to the DC's IP address(es). If not, your DNS server service on the DC might not be running or configured correctly, or the client resolver settings (see step 1) are wrong.
Let me know if any of these solutions work for you.
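
The IP and DNS checks from the steps above, collected into one script. This is an added example, not part of the reply; it assumes the single-DC case described there (the DC is its own DNS server) and is meant to be run in an elevated PowerShell session on the DC VM.

```powershell
# Added example: self-check of a single DC's IP/DNS client configuration.
# Assumption: this VM is the only DC in the domain, so DNS must point at itself.

$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$fqdn   = "$env:COMPUTERNAME.$domain"

# IPv4 addresses currently bound to this machine (loopback excluded)
$ownIPs = @(Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' } |
    Select-Object -ExpandProperty IPAddress)

$results = @()

# 1. Primary DNS server on each adapter must be the DC's own IP or 127.0.0.1
foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object ServerAddresses) {
    $primary = $cfg.ServerAddresses[0]
    $results += [pscustomobject]@{
        Check  = "Primary DNS on '$($cfg.InterfaceAlias)'"
        Value  = $primary
        Passed = ($primary -in $ownIPs) -or ($primary -eq '127.0.0.1')
    }
}

# 2. The DC answers on its own address(es) and on loopback
foreach ($ip in $ownIPs + '127.0.0.1') {
    $results += [pscustomobject]@{
        Check  = "Ping $ip"
        Value  = $ip
        Passed = Test-Connection -ComputerName $ip -Count 1 -Quiet
    }
}

# 3. Domain name and DC host name resolve to one of the DC's own addresses
foreach ($name in $domain, $fqdn) {
    $answers = @(Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
        Where-Object IPAddress | Select-Object -ExpandProperty IPAddress)
    $results += [pscustomobject]@{
        Check  = "Resolve $name"
        Value  = $answers -join ', '
        Passed = [bool]($answers | Where-Object { $_ -in $ownIPs })
    }
}

# 4. DNS Server service state (a stopped service explains failed lookups)
$dns = Get-Service -Name DNS -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'DNS Server service'; Value = "$($dns.Status)"; Passed = ($dns.Status -eq 'Running') }

$results | Format-Table -AutoSize
```

Any row with Passed = False points back to the matching step in the list above.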