Active Directory® 디렉터리 서비스가 다음 응용 프로그램 디렉터리 파티션에 대한 기본 보안 설명자를 올바르게 만들지 못했습니다.
샘플 이벤트:
Active Directory가 다음 응용 프로그램 디렉터리 파티션에 대한 기본 보안 설명자를 올바르게 만들지 못했습니다. 응용 프로그램 디렉터리 파티션: %3
추가 데이터
오류 값: %1 %2
새로 만든 응용 프로그램 디렉터리 파티션에서 ACL(access control list)을 확인하십시오. Replication Get Changes All 액세스 권한이 엔터프라이즈 도메인 컨트롤러 그룹에 할당되어 있는지 확인하고, 도메인 컨트롤러 그룹에서 해당 권한을 제거하십시오.
자세한 내용은 다음을 참조하십시오.
Target | Microsoft.Windows.Server.2003.AD.DomainControllerRole | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 1979 | ||
Event Source | NTDS General | ||
Alert Generate | True | ||
Alert Severity | Warning | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Directory Service | ||
Comment | Mom2005ID='{ED743F17-79E5-4B01-BB46-B4226F0FF883}';MOM2005GroupID= |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
CollectEventData | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
CollectEventDataWarehouse | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="Active_Directory_cannot_create_the_default_security_descriptor_for_an_application_directory_partition_5_Rule" Comment="Mom2005ID='{ED743F17-79E5-4B01-BB46-B4226F0FF883}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Directory Service</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>1979</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>NTDS General</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Channel</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Directory Service</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>1</Severity>
<AlertOwner>$Data/PublisherName$</AlertOwner>
<AlertMessageId>$MPElement[Name="Active_Directory_cannot_create_the_default_security_descriptor_for_an_application_directory_partition_5_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>