NTDS SDPROP error after upgrade to Windows 2000

Discussion in 'Active Directory' started by DB, Apr 7, 2004.

  1. DB

    DB Guest

    I have a single domain with two domain controllers. Both were running
    Windows 2000 AD in native mode with Exchange 2003 (mixed mode) on separate
    machines.

    The upgrade was smooth, however, since then one domain controller is
    producing the following directory service even log error. Every 30 minutes
    a new set of errors comes into the even log. All errors are the same
    except for the cn=internal (a different number). Does anyone know what is
    causing this. There seems to be very little on the subject.

    Event Type: Error
    Event Source: NTDS SDPROP
    Event Category: Internal Processing
    Event ID: 2008
    Date: 4/7/2004
    Time: 6:05:12 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: TALDC01
    Description:
    Internal error: The security descriptor propagation task encountered an
    error while processing the following object. The propagation of security
    descriptors may not be possible until the problem is corrected.

    Object:
    CN=internal 46130430,CN=Microsoft Exchange System Objects,DC=ASD,DC=com

    Additional Data
    Error value:
    -1112 []
    Internal ID:
    2080495

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
     
    DB, Apr 7, 2004
    #1
    1. Advertisements

  2. You are getting JET_errRecordTooBigForBackwardCompatibility. Your object has
    too many values on it. SDP needs to stamp another one, and is unable to do
    it, because the object is full. You can only have ~850 values (non-linked)
    on an object in w2k mode, and ~1300 in w2k3 mode.

    Just go to this object and remove some values. Most likely, you have too
    many certs on this object. I have also seen too many IM contacts.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], Apr 7, 2004
    #2
    1. Advertisements

  3. DB

    DB Guest

    What interface is used to manipulate these objects? Active Directory Users
    and Computers shows the objects but has no properties and I don't see them
    in Exchange System Manager.

    David B.



     
    DB, Apr 8, 2004
    #3
  4. Try adsiedit or ldp. LDP is the easiest, it shows all attributes when you
    double-click on the object.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm

     
    Dmitri Gavrilov [MSFT], Apr 8, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.