Active Directory Nested Foreign Security Principal could not be resolved

Active_Directory_Nested_Foreign_Security_Principal_could_not_be_resolved_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

During synchronization with Active Directory, Office Project Server 2007 could not resolve a nested Active Directory foreign security principal. The foreign security principal could either be a user or a group residing in a remote Active Directory forest or external domain.

This warning message does, however, verify that the top-level Active Directory group was resolved. This means that communication between the Office Project Server 2007 application server that initiated the Active Directory synchronization and the Active Directory domain or forest to which the top-level Active Directory group belongs was successfully established, but the foreign security principal listed in the Windows NT Event log cannot be resolved. Active Directory synchronization has been tagged for partial failure.

 
Causes

Possible causes include:

  • The Active Directory group no longer exists in the Active Directory store. For example, the group may have been deleted by an administrator.
  • The Project Server application server's Shared Services Provider (SSP) account does not have read access to the Active Directory group or user object listed in the Windows NT Event log.
  • A communication problem exists between Office Project Server 2007 and the Active Directory domain in which the Active Directory group or user object resides.

 
Resolutions

Possible resolutions include:

  • Verify that at least one Active Directory group exists in the Active Directory store with the same Active Directory GUID that is stored in the Project Server application server.
  • Use the ADSI Edit tool to check security permissions on individual Active Directory group and user objects. The SSP account must be able to read all Active Directory group and user objects that are involved in the synchronization process.

Note: The ADSI Edit tool is available on the Windows Server 2003 CD-ROM.

  • Ensure the local Active Directory forest or domain has access to the remote Active Directory forest or domain on which the foreign security principal resides.
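
The checks above can be scripted. The following is an added example, not part of the management pack or the original article: it pulls the event this rule matches and lists the foreign security principals in the local domain whose SIDs do not translate to an account. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that it is run on the Project Server application server, and that the account running it has the same read access as the SSP account.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

# 1. Recent occurrences of the event this rule collects
#    (Application log, source "Office SharePoint Server", event ID 7721).
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Office SharePoint Server'
    Id           = 7721
} -MaxEvents 20 -ErrorAction SilentlyContinue
$events | Select-Object TimeCreated, MachineName, Message | Format-List

# 2. Foreign security principals stored in the local domain.
$domainDn = (Get-ADDomain).DistinguishedName
$fsps = Get-ADObject -SearchBase "CN=ForeignSecurityPrincipals,$domainDn" `
    -LDAPFilter '(objectClass=foreignSecurityPrincipal)' `
    -Properties objectSid, memberOf

# 3. Try to translate each SID to an account name across the trust.
$report = foreach ($fsp in $fsps) {
    $sid = $fsp.objectSid          # returned as a SecurityIdentifier
    $account = $null
    $failure = $null
    try {
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # PowerShell wraps .NET method exceptions; report the inner type.
        $ex = $_.Exception
        if ($ex.InnerException) { $ex = $ex.InnerException }
        # IdentityNotMappedException: no account found for the SID
        # (deleted object or no read access). Other types usually point
        # at a trust or connectivity problem.
        $failure = $ex.GetType().Name
    }
    [pscustomobject]@{
        Sid      = $sid.Value
        Resolved = [bool]$account
        Account  = $account
        Failure  = $failure
        MemberOf = ($fsp.memberOf -join '; ')
    }
}

# 4. Show only the principals that could not be resolved, with the
#    local groups that still nest them.
$report | Where-Object { -not $_.Resolved } | Format-Table -AutoSize -Wrap
```

The MemberOf column shows which local groups still contain an unresolved principal, which is where the nested membership reported in the event description comes from.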
 

Element properties:

Target: Microsoft.Office.ProjectServer.2007.Microsoft_Office_Project_Server_2007_Application_Servers_Installation
Category: EventCollection
Enabled: True
Event_ID: 7721
Event Source: Office SharePoint Server
Alert Generate: True
Alert Severity: Warning
Alert Priority: Low
Remotable: True
Alert Message: Active Directory Nested Foreign Security Principal could not be resolved
$Data/EventDescription$
Event Log: Application
Comment: Mom2005ID='{0F47B551-6424-4EE4-B50C-06EB3C966BA0}';MOM2005ComputerGroupID={0CC3D849-D95B-4E04-8C8C-4268D9401457}

Member Modules:

ID Module Type TypeId RunAs 
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="Active_Directory_Nested_Foreign_Security_Principal_could_not_be_resolved_1_Rule" Target="Microsoft.Office.ProjectServer.2007.Microsoft_Office_Project_Server_2007_Application_Servers_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{0F47B551-6424-4EE4-B50C-06EB3C966BA0}';MOM2005ComputerGroupID={0CC3D849-D95B-4E04-8C8C-4268D9401457}">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Office SharePoint Server</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>7721</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
      <AlertGeneration>
        <GenerateAlert>true</GenerateAlert>
        <Owner/>
        <Description>
          $Data/EventDescription$
        </Description>
        <AlertLevel>30</AlertLevel>
        <ResolutionState/>
        <Source>
          $Data/PublisherName$
        </Source>
        <Name>Active Directory Nested Foreign Security Principal could not be resolved</Name>
      </AlertGeneration>
      <InvokerType>0</InvokerType>
    </WriteAction>
    <WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>