Microsoft Knowledge Base Article 316201 contains the following Description:

Windows 2000 domain controllers may not be able to create user accounts, computer accounts, or security groups if the local RID pool is used up and cannot obtain a new RID pool from the RID operations master. The domain controller cannot be...