3.1.1.9.2.1 DC Configuration

The following steps are used to generate a unique RID on a DC configuration.

Let Rid-Set be the directory object referenced in the rIDSetReferences attribute, as stored on the configured computer object for the host server.

Let Rid-Range be the range specified by the rIDPreviousAllocationPool attribute of the Rid-Set object. The lower bound of the Rid-Range is the first 32-bit integer (in little-endian byte order) of the rIDPreviousAllocationPool attribute value. The upper bound of the Rid-Range is the second 32-bit integer (in little-endian byte order).

  1. The server MUST generate a 32-bit integer value subject to all of the following constraints:

    1. The value MUST be within the Rid-Range.

    2. Any value chosen from the Rid-Range that is used for an objectSid value that is successfully committed in a transaction MUST NOT ever be used again for objectSid generation within the current domain.

  2. If the constraints in step 1 cannot be satisfied because the rIDPreviousAllocationPool attribute does not exist or because all possible RIDs within the Rid-Range have been consumed:

    1. If the rIDAllocationPool attribute of the Rid-Set object exists and has a value different from that of rIDPreviousAllocationPool, the server copies the value of rIDAllocationPool to rIDPreviousAllocationPool, and attempts to generate a 32-bit value according to the constraints in step 1.

    2. If the rIDAllocationPool attribute of the Rid-Set object does not exist or has a value identical to that of rIDPreviousAllocationPool, the server MUST call the IDL_DRSGetNCChanges method (as specified in [MS-DRSR] section 4.1.10) to obtain a (new) value for rIDAllocationPool, copy this value to rIDPreviousAllocationPool, and attempt to generate a 32-bit value according to the constraints in step 1. The server MAY also return an error code if the constraints in step 1 cannot be satisfied.<38>
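The steps above, modeled as an added example that is not part of the specification or of any server's code. `last_rid` (a high-water mark) and `PoolExhausted` are hypothetical names: the counter is one way to meet the never-reuse constraint, assuming pools are issued in increasing order, and the exception stands in for the IDL_DRSGetNCChanges call.

```python
import struct

class PoolExhausted(Exception):
    """No unused RID left; a new rIDAllocationPool must be obtained (step 2.2)."""

def decode_pool(value: bytes) -> range:
    """Decode an 8-byte pool value into its inclusive Rid-Range."""
    if len(value) != 8:
        raise ValueError("pool value must be exactly 8 bytes")
    lower, upper = struct.unpack("<II", value)  # two little-endian 32-bit integers
    if lower > upper:
        raise ValueError("lower bound exceeds upper bound")
    return range(lower, upper + 1)

class RidSet:
    """Model of a Rid-Set object. last_rid is a hypothetical high-water mark."""
    def __init__(self, previous=None, allocation=None, last_rid=0):
        self.rIDPreviousAllocationPool = previous
        self.rIDAllocationPool = allocation
        self.last_rid = last_rid

    def _candidate(self):
        """Step 1: lowest RID in the Rid-Range above last_rid, or None."""
        if self.rIDPreviousAllocationPool is None:
            return None
        pool = decode_pool(self.rIDPreviousAllocationPool)
        rid = max(self.last_rid + 1, pool.start)
        return rid if rid in pool else None

    def next_rid(self) -> int:
        rid = self._candidate()
        if rid is None:  # step 2: attribute missing or range consumed
            alloc = self.rIDAllocationPool
            if alloc is None or alloc == self.rIDPreviousAllocationPool:
                raise PoolExhausted("step 2.2: new rIDAllocationPool required")
            self.rIDPreviousAllocationPool = alloc  # step 2.1: copy, then retry
            rid = self._candidate()
            if rid is None:
                raise PoolExhausted("copied pool holds no RID above last_rid")
        self.last_rid = rid  # burned even if the transaction later aborts
        return rid

# Constructed sample pools: 1100..1102 in use, 1600..1601 waiting
SAMPLE_PREVIOUS = struct.pack("<II", 1100, 1102)
SAMPLE_ALLOCATION = struct.pack("<II", 1600, 1601)

if __name__ == "__main__":
    rs = RidSet(SAMPLE_PREVIOUS, SAMPLE_ALLOCATION, last_rid=1100)
    print([rs.next_rid() for _ in range(4)])
```

Advancing `last_rid` before the transaction outcome is known is stricter than constraint 1.2 requires: it wastes a RID on abort but cannot hand the same value out twice.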