Solved

Windows 2003 Event ID 1093: Active Directory could not update object

Posted on 2013-05-11
2
1,298 Views
Last Modified: 2013-05-17
Hello,
I've two DCs, both WIN2003 with SP2 and they are Global Catalog.
They are working fine, except for a warning started two months ago for a particular AD user:

USER1 is an object contained in OU=GLOBAL-USERS,OU=CAT1,OU=GROUP1
Domain is: mydomain.local

The warning that appears (but only on SERVER1, first DC) is the following:

Event Type:      Warning
Event Source:      NTDS Replication
Event Category:      Replication
Event ID:      1093
Date:            5/11/2013
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      SERVER1
Description:
Active Directory could not update the following object with attribute changes because the incoming change
caused the object to exceed the maximum object record size.
The incoming change to the following attribute will be reversed in an attempt to complete the update.
 
Object:
CN=USER1,OU=GROUP1,OU=CAT1,OU=GLOBAL-USERS,DC=mydomain,DC=local
Object GUID:
<GUID>
Attribute:
903b4 (mSMQDigests)
 
The current value (without changes) of the attribute on this domain controller will replicate to all other domain controllers.
This will counteract the change to the rest of the replicated forest. The reversal values may be recognized as follows:
Version:
1023
Time of change:
<datetime>
Update sequence number:
92233311

This happens at least one time per day.

At the same time it is followed by Event ID 1101 which shows:

Active Directory updated the following object with attribute changes after reversing one or more of the failed attribute changes.

I havent any other issues on Directory Services event viewer, nor any problem on AD replication or KCC.

My concerns are:

1. is the user object going to fails something in authentication ?
2. do I need to perform some low level maintenance for this object ?

All user objects inside OU=GLOBAL-USERS are not affected.

Any feedback is really appreciated. Thanks.
0
Comment
Question by:pablito70
2 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 500 total points
ID: 39159924
It's only the single user object, right?
Does that user have an unusually large number of groups (or nested groups)?  I don't think you'd get THIS message... I think it's a warning about token size if the problem relates to excessive group membership.
Have you looked at that user with ADSIEdit yet?  It might be worth at least looking at this user object to see if anything leaps out at you.... whether someone has attached a lot of data to a particular field, etc.
0
 
LVL 2

Author Comment

by:pablito70
ID: 39161659
Yes only this user is affected.
There is no excessive member groups; it has same membership of similar other users.

I will look inside to ADSIedit.

Thanks
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question