Relative ID operations master role

The RID master role is a domain-wide setting, and each domain in the forest can have its own RID role owner. It is responsible for maintaining a pool of relative identifiers (RIDs) that are used when creating objects in the domain. Every object in a domain has a unique security identifier (SID), which is the value that represents the object in Active Directory. The RID is the incremental portion of the SID and is used when the SID is created. Once a RID value has been used to generate a SID, it is not used again. Even after an object is deleted from AD, its RID value cannot be reclaimed. This ensures the uniqueness of the SID value.

The RID role owner maintains a pool of RIDs. When the domain has multiple domain controllers, the RID role owner assigns a block of 500 RID values to each domain controller. When more than 50% of a block has been used, the domain controller requests another block of RIDs from the RID role owner.

In the event of an RID role owner failure, its impact will be almost unnoticeable until all domain controllers run out of allocated RID values. It will also not allow you to move objects between domains.

In the Active Directory domain, the RID role owner can be found using the following command:

Get-ADDomain | select RIDMaster
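
To see the pool this section describes, the following added example (not from the book) reads the domain-wide RID pool from the `RID Manager$` object and the block each writable domain controller is currently consuming. It assumes the ActiveDirectory PowerShell module is installed and that the account can read the System container and each domain controller's `RID Set` object.

```powershell
# Added example, not from the book. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertFrom-RidPool {
    # RID pool attributes are 64-bit integers: the low 32 bits hold the
    # lower bound and the high 32 bits hold the upper bound.
    param([Parameter(Mandatory)][Int64]$Value)
    [pscustomobject]@{
        Low  = $Value -band 4294967295
        High = $Value -shr 32
    }
}

$domain = Get-ADDomain

# Domain-wide pool: rIDAvailablePool on the RID Manager$ object.
$mgrDn = "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)"
$mgr   = Get-ADObject $mgrDn -Properties rIDAvailablePool
$pool  = ConvertFrom-RidPool $mgr.rIDAvailablePool
[pscustomobject]@{
    RIDMaster     = $domain.RIDMaster
    RidsIssued    = $pool.Low
    RidsRemaining = $pool.High - $pool.Low
} | Format-List

# Per-DC block: each writable DC is asked for its own RID Set object.
$report = foreach ($dc in Get-ADDomainController -Filter { IsReadOnly -eq $false }) {
    try {
        $set = Get-ADObject "CN=RID Set,$($dc.ComputerObjectDN)" -Server $dc.HostName `
            -Properties rIDPreviousAllocationPool, rIDNextRID -ErrorAction Stop
        # rIDPreviousAllocationPool is the block the DC is drawing from now;
        # rIDNextRID tracks the DC's position inside that block.
        $block = ConvertFrom-RidPool $set.rIDPreviousAllocationPool
        [pscustomobject]@{
            DomainController = $dc.HostName
            BlockStart       = $block.Low
            BlockEnd         = $block.High
            rIDNextRID       = $set.rIDNextRID
            LeftInBlock      = $block.High - $set.rIDNextRID  # approximate
        }
    } catch {
        Write-Warning "Could not read RID Set on $($dc.HostName): $($_.Exception.Message)"
    }
}

# Domain controllers closest to exhausting their block are listed first.
$report | Sort-Object LeftInBlock | Format-Table -AutoSize
```

If the RID role owner is offline, the `LeftInBlock` column shows how many more objects each domain controller can create before object creation starts to fail on it.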