pablito70
asked on
Windows 2003 Event ID 1093: Active Directory could not update object
Hello,
I've two DCs, both WIN2003 with SP2 and they are Global Catalog.
They are working fine, except for a warning started two months ago for a particular AD user:
USER1 is an object contained in OU=GLOBAL-USERS,OU=CAT1,OU =GROUP1
Domain is: mydomain.local
The warning that appears (but only on SERVER1, first DC) is the following:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1093
Date: 5/11/2013
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER1
Description:
Active Directory could not update the following object with attribute changes because the incoming change
caused the object to exceed the maximum object record size.
The incoming change to the following attribute will be reversed in an attempt to complete the update.
Object:
CN=USER1,OU=GROUP1,OU=CAT1 ,OU=GLOBAL -USERS,DC= mydomain,D C=local
Object GUID:
<GUID>
Attribute:
903b4 (mSMQDigests)
The current value (without changes) of the attribute on this domain controller will replicate to all other domain controllers.
This will counteract the change to the rest of the replicated forest. The reversal values may be recognized as follows:
Version:
1023
Time of change:
<datetime>
Update sequence number:
92233311
This happens at least one time per day.
At the same time it is followed by Event ID 1101 which shows:
Active Directory updated the following object with attribute changes after reversing one or more of the failed attribute changes.
I havent any other issues on Directory Services event viewer, nor any problem on AD replication or KCC.
My concerns are:
1. is the user object going to fails something in authentication ?
2. do I need to perform some low level maintenance for this object ?
All user objects inside OU=GLOBAL-USERS are not affected.
Any feedback is really appreciated. Thanks.
I've two DCs, both WIN2003 with SP2 and they are Global Catalog.
They are working fine, except for a warning started two months ago for a particular AD user:
USER1 is an object contained in OU=GLOBAL-USERS,OU=CAT1,OU
Domain is: mydomain.local
The warning that appears (but only on SERVER1, first DC) is the following:
Event Type: Warning
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1093
Date: 5/11/2013
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: SERVER1
Description:
Active Directory could not update the following object with attribute changes because the incoming change
caused the object to exceed the maximum object record size.
The incoming change to the following attribute will be reversed in an attempt to complete the update.
Object:
CN=USER1,OU=GROUP1,OU=CAT1
Object GUID:
<GUID>
Attribute:
903b4 (mSMQDigests)
The current value (without changes) of the attribute on this domain controller will replicate to all other domain controllers.
This will counteract the change to the rest of the replicated forest. The reversal values may be recognized as follows:
Version:
1023
Time of change:
<datetime>
Update sequence number:
92233311
This happens at least one time per day.
At the same time it is followed by Event ID 1101 which shows:
Active Directory updated the following object with attribute changes after reversing one or more of the failed attribute changes.
I havent any other issues on Directory Services event viewer, nor any problem on AD replication or KCC.
My concerns are:
1. is the user object going to fails something in authentication ?
2. do I need to perform some low level maintenance for this object ?
All user objects inside OU=GLOBAL-USERS are not affected.
Any feedback is really appreciated. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There is no excessive member groups; it has same membership of similar other users.
I will look inside to ADSIedit.
Thanks