Active Directory cannot delete the access control entry (ACE) for the domain Domain Controllers security group on a newly created application directory partition

Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule (Rule)

Knowledge Base article:

Summary

The Active Directory® service was unable to delete the access control entry (ACE) for the Domain Controllers security group for the domain on the newly created application directory partition. This ACE gave the Domain Controllers security group the Replication Get Changes All right for the following newly created application directory partition.

Application directory partition: %3

Additional Data

Error value: %1 %2

Resolutions

Review the access control list (ACL) on the newly created application directory partition. Ensure that the right Replication Get Changes All is given to the Enterprise Domain Controllers security group, and then remove that right from the Domain Controllers security group for the domain.
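The review described above can be scripted. The following PowerShell is an added example, not part of the knowledge base article or the management pack. It assumes the ActiveDirectory module (RSAT) is loaded, that the partition DN shown is a placeholder for the partition named in the event, and that the Domain Controllers group in question belongs to the current user's domain.

```powershell
# Added example: audit the "Replication Get Changes All" ACEs on an application directory partition.
Import-Module ActiveDirectory

# Placeholder: replace with the application directory partition named in event 1982.
$PartitionDN = 'DC=ExampleAppPartition,DC=example,DC=com'

# rightsGuid of the DS-Replication-Get-Changes-All control access right.
$GetChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'

# Enterprise Domain Controllers is the well-known SID S-1-5-9.
# Domain Controllers is RID 516 of the domain (assumption: the current user's domain).
$SidType       = [System.Security.Principal.SecurityIdentifier]
$EnterpriseDCs = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-9'
$DomainDCs     = New-Object System.Security.Principal.SecurityIdentifier "$((Get-ADDomain).DomainSID.Value)-516"

# Read the ACL with trustees as SIDs and keep only Allow ACEs for this specific extended right.
$acl  = Get-Acl -Path "AD:\$PartitionDN"
$aces = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $_.ObjectType -eq $GetChangesAll
})

$enterpriseHasRight = [bool]($aces | Where-Object { $_.IdentityReference.Value -eq $EnterpriseDCs.Value })
$domainDcAces       = @($aces | Where-Object {
    $_.IdentityReference.Value -eq $DomainDCs.Value -and -not $_.IsInherited
})

# Report the current state before changing anything.
[pscustomobject]@{
    Partition                 = $PartitionDN
    EnterpriseDCsHaveRight    = $enterpriseHasRight
    DomainControllersAceCount = $domainDcAces.Count
}

# Follow the article's order: drop the Domain Controllers ACE only once
# Enterprise Domain Controllers holds the right. -WhatIf previews the write.
if ($enterpriseHasRight -and $domainDcAces.Count -gt 0) {
    foreach ($ace in $domainDcAces) { [void]$acl.RemoveAccessRuleSpecific($ace) }
    Set-Acl -Path "AD:\$PartitionDN" -AclObject $acl -WhatIf
} elseif (-not $enterpriseHasRight) {
    Write-Warning 'Enterprise Domain Controllers lacks Replication Get Changes All; grant it before removing anything.'
}
```

Remove `-WhatIf` only after the reported state matches what the resolution expects.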

External

For more information, see:

Element properties:

Target: Microsoft.Windows.Server.2003.AD.DomainControllerRole
Category: EventCollection
Enabled: True
Event_ID: 1982
Event Source: NTDS General
Alert Generate: True
Alert Severity: Warning
Alert Priority: Normal
Remotable: True
Alert Message:
  Active Directory cannot delete the access control entry (ACE) for the domain Domain Controllers security group on a newly created application directory partition
  {0}
Event Log: Directory Service
Comment: Mom2005ID='{315A78FD-03B9-4920-A537-41922F29BFFC}';MOM2005GroupID=

Member Modules:

ID                         Module Type  TypeId                                                    RunAs
DS                         DataSource   Microsoft.Windows.EventProvider                           Default
CollectEventData           WriteAction  Microsoft.SystemCenter.CollectEvent                       Default
CollectEventDataWarehouse  WriteAction  Microsoft.SystemCenter.DataWarehouse.PublishEventData     Default
GenerateAlert              WriteAction  System.Health.GenerateAlert                               Default

Source Code:

<Rule ID="Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule" Comment="Mom2005ID='{315A78FD-03B9-4920-A537-41922F29BFFC}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2003Core!Microsoft.Windows.Server.2003.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Directory Service</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1982</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>NTDS General</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>Channel</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Directory Service</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
      <Priority>1</Priority>
      <Severity>1</Severity>
      <AlertOwner>$Data/PublisherName$</AlertOwner>
      <AlertMessageId>$MPElement[Name="Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule.AlertMessage"]$</AlertMessageId>
      <AlertParameters>
        <AlertParameter1>$Data/EventDescription$</AlertParameter1>
      </AlertParameters>
      <Suppression>
        <SuppressionValue/>
      </Suppression>
    </WriteAction>
    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>