Anyone come across this error with the AD Connector?

"The group expansion workflow for connector AD Connector has encountered the following error:

Error: Expansion of AD Group resulted in an error.

Group Stack: (1) CN=.......

Exception: System.OverflowException: Arithmetic operation resulted in an overflow"

Source: Data Connectors

Event ID: 34152

Not exactly the same, but similar (after enabling of "Automatically add users of AD Groups imported by this connector" in AD connector):

Log Name:      Operations Manager
Source:        Data Connectors
Date:          11.10.2012 11:58:15
Event ID:      34152
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      xxx.xxx.xxx.loc
Description:

The group expansion workflow for connector ... has encountered the following error:
 
Error: Error resolving group with domain ... and name .... Exception:

I have the same error

Event 34152 : Data Conectors

The group expansion workflow for connector AD Connector has encountered the following error:

Error: Expansion of AD group CN=client.customer-F,OU=Security Groups,DC=...,DC=lan resulted in an error

How can we solve our issue ?

Regards

Phil

Madininarawak

Hi everybody,

any update ?

I have this detailled message:

AD Connector

Expansion of AD group CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan resulted in an error. Group stack: (1): CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan (2): CN=Domain Computers,CN=Users,DC=contoso Exception: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the target principal could not be found in the domain indicated by the principal's SID. at System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object o) at System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) at System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current() at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.ExpandGroup(GroupPrincipal groupPrincipal) at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.Start(Guid connectorId)

Thanks for your answers

Phil

Madininarawak

• Edited by Madinarawak Monday, February 25, 2013 2:51 PM

Hi,

is there any update on this? I got the same error here...

Thx

Christian

http://social.technet.microsoft.com/Forums/en-US/systemcenterservicemanager/thread/e55901e5-1998-4692-a23c-728d418fec92

Saddly, rebooting did not resolve this issue for me. 

Any idea from anyone?

neither do I; this one pops up once in a while, it actually seems to keep running in the background...

Hey everybody!

Is there anybody out there whos got any idea to solve the issue Anatoliy described?!

Rebooting did not resolve this issue for me,too.

Regards,

Dirk Suri

Hi Dirk.

This really is just a wild guess from the error in Phil's post above, but can you check the group membership of the group that has generated the error?  The error effectively says that the target principle (user) cannot be located by the SID specified in the group.  May be a SID left over from a deleted object, or possible from a defunct forest trust situation?

Just a complete guess on this one :)

Cheers

Shaun

Hey Shaun,

I took a detailed look at the event viewer again. I noticed that the data connector only got a problem with syncing the container within "CN=Builtin,DC=...." such as Users etc. (" ... Operation is not supported").

My question now: How can I exclude the builtin containers from syncing with scsm??

Greetz,

Dirk

Hi All,

Any solution??

I too face the same problem

ok, just to put a nail in this one, here's how you fix this issue: 

1. Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
2. Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.

the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups. 

• Proposed as answer by stemo76 13 hours 19 minutes ago

ok, just to put a nail in this one, here's how you fix this issue: 

1. Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
2. Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.

the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups. 

• Proposed as answer by stemo76 Thursday, September 03, 2015 5:56 PM

It appears each group that throws this error I find a member with an up arrow next to it with this explanation.

'Note that this object is just a placeholder for a user or group from a trusted external domain.  This object was created when an external object was added to a group in this domain.  The properties for the actual user or group can't be displayed.'