AD LDS(Active Directory Lightweight Directory Services)가 새로 생성된 응용 프로그램 디렉터리 파티션에 있는 도메인 컨트롤러 보안 그룹의 ACE(액세스 제어 항목)를 삭제할 수 없습니다.

Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule (Rule)

이 규칙은 AD LDS(Active Directory Lightweight Directory Service) 이벤트 로그에 해당 이벤트가 있을 경우 경고를 표시합니다.

Element properties:

Member Modules:

Source Code:

<Rule ID="Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule" Enabled="true" Target="LDS!Microsoft.Windows.Server.LDS.Service" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>ADAM ($Target/Property[Type="LDS!Microsoft.Windows.Server.LDS.Service"]/Name$)</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>1982</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>ADAM [$Target/Property[Type="LDS!Microsoft.Windows.Server.LDS.Service"]/Name$] General</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>1</Severity>

      <AlertOwner>$Data/PublisherName$</AlertOwner>

      <AlertMessageId>$MPElement[Name="Active_Directory_cannot_delete_the_access_control_entry__ACE__for_the_domain_Domain_Controllers_security_group_on_a_newly_created_application_directory_partition_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>$Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>

    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>

  </WriteActions>

</Rule>