AD Group Expansion Error ID 34152
Anyone come across this error with the AD Connector?
"The group expansion workflow for connector AD Connector has encountered the following error:
Error: Expansion of AD Group resulted in an error.
Group Stack: (1) CN=.......
Exception: System.OverflowException: Arithmetic operation resulted in an overflow"
Source: Data Connectors
Event ID: 34152
September 18th, 2012 2:18am
Not exactly the same, but similar (after enabling of "Automatically add users of AD Groups imported by this connector" in AD connector):
Log Name: Operations Manager
Source: Data Connectors
Date: 11.10.2012 11:58:15
Event ID: 34152
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxx.xxx.xxx.loc
Description:
The group expansion workflow for connector ... has encountered the following error:
Error: Error resolving group with domain ... and name .... Exception:
October 11th, 2012 9:08am
I have the same error
Event 34152 : Data Conectors
The group expansion workflow for connector AD Connector has encountered the following error:
Error: Expansion of AD group CN=client.customer-F,OU=Security Groups,DC=...,DC=lan resulted in an error
How can we solve our issue ?
Regards
Phil
Madininarawak
February 7th, 2013 10:28am
Hi everybody,
any update ?
I have this detailled message:
|
|
|
Expansion of AD group CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan resulted in an error. Group stack: (1): CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan (2): CN=Domain Computers,CN=Users,DC=contoso Exception:
System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the target principal could not be found in the domain indicated by the principal's SID. at System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object
o) at System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) at System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current()
at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.ExpandGroup(GroupPrincipal groupPrincipal) at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.Start(Guid connectorId)
|
Thanks for your answers
Phil
Madininarawak
-
Edited by
Madinarawak
Monday, February 25, 2013 2:51 PM
February 25th, 2013 2:50pm
Hi,
is there any update on this? I got the same error here...
Thx
Christian
April 11th, 2013 7:21am
Saddly, rebooting did not resolve this issue for me.
Any idea from anyone?
July 8th, 2013 4:04pm
neither do I; this one pops up once in a while, it actually seems to keep running in the background...
July 15th, 2013 1:58pm
Hey everybody!
Is there anybody out there whos got any idea to solve the issue Anatoliy described?!
Rebooting did not resolve this issue for me,too.
Regards,
Dirk Suri
October 15th, 2013 6:32am
Hi Dirk.
This really is just a wild guess from the error in Phil's post above, but can you check the group membership of the group that has generated the error? The error effectively says that the target principle (user) cannot be located by the SID specified
in the group. May be a SID left over from a deleted object, or possible from a defunct forest trust situation?
Just a complete guess on this one :)
Cheers
Shaun
October 16th, 2013 5:55am
Hey Shaun,
I took a detailed look at the event viewer again. I noticed that the data connector only got a problem with syncing the container within "CN=Builtin,DC=...." such as Users etc. (" ... Operation is not supported").
My question now: How can I exclude the builtin containers from syncing with scsm??
Greetz,
Dirk
October 28th, 2013 7:35am
Hi All,
Any solution??
I too face the same problem
November 27th, 2014 6:24pm
ok, just to put a nail in this one, here's how you fix this issue:
- Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
- Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.
the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the
connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups.
-
Proposed as answer by
stemo76
13 hours 19 minutes ago
December 1st, 2014 4:37pm
ok, just to put a nail in this one, here's how you fix this issue:
- Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
- Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.
the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the
connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups.
-
Proposed as answer by
stemo76
Thursday, September 03, 2015 5:56 PM
December 1st, 2014 4:37pm
It appears each group that throws this error I find a member with an up arrow next to it with this explanation.
'Note that this object is just a placeholder for a user or group from a trusted external domain. This object was created when an external object was added to a group in this domain. The properties for the actual user or group can't be displayed.'
September 3rd, 2015 2:02pm