Top-level Active Directory group that is mapped to the Project Web Access security group could not be resolved

Top_level_Active_Directory_group_that_is_mapped_to_the_Project_Web_Access_security_group_could_not_be_resolved_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary

During Project Web Access security group synchronization, Office Project Server 2007 could not resolve the top-level Active Directory object for the Project Web Access security group. Active Directory synchronization has been tagged for failure for this Project Web Access group.

 
Causes

Possible causes include:

  • The Office Project Server application server cannot access Active Directory for any of the following reasons:
      • The Office Project Server 2007 application server is using a Shared Services Provider (SSP) account that does not have read access to Active Directory. This can occur if the SSP is configured to use a local machine account.
      • The Office Project Server 2007 application server might no longer be joined to an Active Directory domain.
      • The Office Project Server 2007 application server does not currently have network access to the domain.
      • TCP or UDP ports that are required for Office Project Server 2007 and Active Directory to communicate are not open between the Office Project Server 2007 application server and the Active Directory store. This can occur if a firewall is configured to block the ports described in the following list:
          • 389/UDP – LDAP: LDAP is the Lightweight Directory Access Protocol that is designed to provide a standard way to access directory services. LDAP is the primary protocol used to access an Active Directory store on a Windows server.
          • 636/TCP – LDAP over SSL: When Secure Sockets Layer (SSL) is enabled, the LDAP data that is transmitted and received is encrypted.
          • 3268/TCP – Microsoft Global Catalog: Active Directory global catalogs listen on this port.
          • 3269/TCP – Microsoft Global Catalog with LDAP/SSL: Microsoft global catalog SSL connections listen on this port.
  • The Active Directory group no longer exists in the Active Directory store. For example, the group may have been deleted by an administrator.
  • The Project Server application server's Shared Services Provider (SSP) account does not have read access to an Active Directory group or user object.
 
Resolutions

Possible resolutions include:

  • Verify that the service account used by the SSP that is used by the Office Project Server 2007 application server is a domain account that has read access to Active Directory.
  • Verify that the Office Project Server 2007 application server is joined to an Active Directory domain.
  • Verify that the Office Project Server 2007 application server has network access.
  • Verify that the TCP and UDP ports listed in the previous section are open between the Active Directory store and the Office Project Server 2007 application server.
  • Verify that at least one Active Directory group exists in the Active Directory store with the same Active Directory GUID that is stored in the Office Project Server 2007 application server.
  • Use the ADSI Edit tool to check security permissions on individual Active Directory group and user objects. The SSP account must be able to read all Active Directory group and user objects that are involved in the synchronization process.

Note: The ADSI Edit tool is available on the Windows Server 2003 CD-ROM.
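
The checks in the Resolutions list can be scripted. The following PowerShell is an added example, not part of the management pack or its Knowledge Base article; the domain controller name and group GUID are placeholders, and it assumes the script is run on the application server under the SSP service account.

```powershell
# Added example. Run on the Project Server application server as the SSP account.
$DomainController = 'dc01.example.test'                  # placeholder host (assumption)
$GroupGuid = '00000000-0000-0000-0000-000000000000'      # placeholder for the GUID Project Server stores

# 1. Is the server still joined to a domain?
$cs = Get-WmiObject -Class Win32_ComputerSystem
'Domain joined: {0} ({1})' -f $cs.PartOfDomain, $cs.Domain

# 2. Can the server open the directory ports? A TCP connect cannot confirm the
#    389/UDP entry in the list above, so 389 is checked over TCP here.
function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}
foreach ($port in 389, 636, 3268, 3269) {
    'TCP {0,-5} reachable: {1}' -f $port, (Test-TcpPort $DomainController $port)
}

# 3. Does the mapped group still exist, and can this account read it and its members?
try {
    $group = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/<GUID=$GroupGuid>")
    $group.psbase.RefreshCache()     # forces the bind; throws if the object is missing or unreadable
    'Group resolved: {0}' -f $group.psbase.Properties['distinguishedName'].Value
    foreach ($dn in $group.psbase.Properties['member']) {
        try {
            $m = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/$dn")
            $m.psbase.RefreshCache()
        } catch {
            'Cannot read member: {0} ({1})' -f $dn, $_.Exception.Message
        }
    }
} catch {
    'Group lookup failed: {0}' -f $_.Exception.Message
}
```

A "Group lookup failed" result with all ports reachable points to the deleted-group or missing-read-access causes rather than to the network.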

 

Element properties:

Target: Microsoft.Office.ProjectServer.2007.Microsoft_Office_Project_Server_2007_Application_Servers_Installation
Category: EventCollection
Enabled: True
Event_ID: 7724
Event Source: Office SharePoint Server
Alert Generate: True
Alert Severity: Error
Alert Priority: Low
Remotable: True
Alert Message:
Top-level Active Directory group that is mapped to the Project Web Access security group could not be resolved

$Data/EventDescription$
Event Log: Application
Comment: Mom2005ID='{B011E204-990E-448F-B10F-D8C825FC4808}';MOM2005ComputerGroupID={0CC3D849-D95B-4E04-8C8C-4268D9401457}

Member Modules:

ID                                        Module Type    TypeId                                                  RunAs
_F6DA1507_12AF_11D3_AB21_00A0C98620CE_    DataSource     Microsoft.Windows.EventProvider                         Default
CollectEventData                          WriteAction    Microsoft.SystemCenter.CollectEvent                     Default
CollectEventDataWarehouse                 WriteAction    Microsoft.SystemCenter.DataWarehouse.PublishEventData   Default
GenerateAlert                             WriteAction    System.Mom.BackwardCompatibility.AlertResponse          Default

Source Code:

<Rule ID="Top_level_Active_Directory_group_that_is_mapped_to_the_Project_Web_Access_security_group_could_not_be_resolved_1_Rule" Target="Microsoft.Office.ProjectServer.2007.Microsoft_Office_Project_Server_2007_Application_Servers_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{B011E204-990E-448F-B10F-D8C825FC4808}';MOM2005ComputerGroupID={0CC3D849-D95B-4E04-8C8C-4268D9401457}">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>Application</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="String">PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Office SharePoint Server</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>7724</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
      <AlertGeneration>
        <GenerateAlert>true</GenerateAlert>
        <Owner/>
        <Description>
          $Data/EventDescription$
        </Description>
        <AlertLevel>40</AlertLevel>
        <ResolutionState/>
        <Source>
          $Data/PublisherName$
        </Source>
        <Name>Top-level Active Directory group that is mapped to the Project Web Access security group could not be resolved</Name>
      </AlertGeneration>
      <InvokerType>0</InvokerType>
    </WriteAction>
    <WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>