Hi,
the local domain range that is visible with ipa idrange-find shows the IDs that IPA should use when it creates new users / new groups. That configuration is set for the whole topology, stored in the LDAP tree that is replicated across the servers (below cn=ranges,cn=etc,$BASEDN)
If there are n servers, they need to agree on a split of the existing range, so that server1 and server2 do not create new entities with conflicting ids.
At the server level, each server assigns new IDs based on its local configuration stored in cn=Posix IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config (=not replicated). This setting is called the DNA range (Distributed Numeric Assignment) and can be seen globally with the command ipa-replica-manage dnarange-show. The DNA ranges configured on each server must remain inside the local domain range, and must not overlap between the servers.
What is your current DNA range setting? It looks like one of your servers has a DNA range outside of the domain local range.
flo