So, my RID master gives all DCs a pool of 500 RIDs. I just noticed that I have around 15000 security principals but my issued RID number stands over 47000. So I ran the command to capture all SIDs (including deleted items).
Ref: http://blogs.technet.com/b/askds/archive/2011/09/12/managing-rid-pool-depletion.aspx
So I ran
Get-ADObject -Filter 'objectclass -eq "user" -or objectclass -eq "computer" -or objectclass -eq "group"' -properties objectclass,samaccountname,whencreated,objectsid,uSNCreated -includeDeletedObjects | select-object objectclass,samaccountname,whencreated,objectsid,uSNCreated | Export-CSV riduse.csv -NoTypeInformation -Encoding UTF8
What I realized is that not all RIDs are being used. If I look at a block of 100 (let's say from 45K to 46K), only 56 RIDs have been used. What can I check to see what is happening to the rest? Why are my DCs not using all the RIDs?
Thanks
Pranav
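
An added example, not part of the original post: one way to summarize the riduse.csv export per 500-RID bucket, to see where the unused ranges sit and when the surrounding objects were created. The sample rows, the domain identifier and the function name Get-RidBlockUsage are constructed for illustration, and the buckets are plain arithmetic ranges that need not line up with the pools the RID master actually issued.

```powershell
# Constructed sample in the riduse.csv column layout; the domain identifier is made up.
# For the real export use: $rows = Import-Csv riduse.csv
$rows = @'
"objectclass","samaccountname","whencreated","objectsid","uSNCreated"
"group","Administrators","1/1/2010 8:00:00 AM","S-1-5-32-544","8200"
"group","Domain Admins","1/1/2010 8:00:00 AM","S-1-5-21-1111111111-2222222222-3333333333-512","12345"
"user","alice","3/2/2012 9:00:00 AM","S-1-5-21-1111111111-2222222222-3333333333-45001","810001"
"computer","PC01$","3/2/2012 9:05:00 AM","S-1-5-21-1111111111-2222222222-3333333333-45002","810050"
"user","bob","3/9/2012 2:00:00 PM","S-1-5-21-1111111111-2222222222-3333333333-45017","815300"
"user","carol","4/1/2012 10:00:00 AM","S-1-5-21-1111111111-2222222222-3333333333-45500","830010"
"group","Sales","4/1/2012 10:01:00 AM","S-1-5-21-1111111111-2222222222-3333333333-45501","830020"
'@ | ConvertFrom-Csv

# Hypothetical helper (requires PowerShell 3.0+ for [pscustomobject]).
function Get-RidBlockUsage {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Rows,
        [int] $BlockSize = 500,   # pool size stated in the post
        [int] $MinRid    = 1000   # RIDs below 1000 are reserved for well-known principals
    )
    # Keep only domain SIDs (S-1-5-21-<domain>-<RID>); BUILTIN SIDs such as S-1-5-32-544 are skipped.
    $seen = @{}
    foreach ($row in $Rows) {
        if ($row.objectsid -match '^S-1-5-21-\d+-\d+-\d+-(\d+)$') {
            $rid = [int]$Matches[1]
            if ($rid -ge $MinRid) { $seen[$rid] = $row }
        }
    }
    # Bucket each RID by the start of its arithmetic block and count what is present.
    $seen.Keys |
        Group-Object { $_ - ($_ % $BlockSize) } |
        ForEach-Object {
            $rids = @($_.Group | Sort-Object)
            [pscustomobject]@{
                BlockStart   = [int]$_.Name
                Used         = $rids.Count
                Unused       = $BlockSize - $rids.Count
                LowestRid    = $rids[0]
                HighestRid   = $rids[-1]
                FirstCreated = $seen[$rids[0]].whencreated
                LastCreated  = $seen[$rids[-1]].whencreated
            }
        } |
        Sort-Object BlockStart
}

Get-RidBlockUsage -Rows $rows | Format-Table -AutoSize
```

The pool ranges a DC currently holds are stored in the rIDAllocationPool and rIDPreviousAllocationPool attributes of its RID Set object, which is what the bucket boundaries should be compared against.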