Error code 4312
: The object identifier does not represent a valid object.
Error code 1332
: No mapping between account names and security IDs was done. Some users reported this error as starting after the installation of security hotfix ME296185
(Malformed Hit Highlighter in Windows 2000 Index Service. According to a Usenet posting: "We're having the same problem on 2 out of 3 member servers and a 4 hour call to Microsoft failed to correct it. We believe the root of the problem is orphaned SIDs, but we cleaned up all those we could find in GPO, shares, file security, etc, but that still didn't fix the prblem. Microsoft's last suggestion short of formatting and reinstalling was to take the domain down, create a new, bogus domain by a different name, take that domain down, then recreate the original domain. The theory was that doing so would destroy all remanants of the original domain. We're having the problem with both SP1 and SP2 systems, though the SP1 box has all the security patches applied. I've seen a suggestion that if the computer is multi-homed and print and file services is not bound to all NICs that may cause a problem as well. Another suggestion is that SMS unistallation causes orpaned SIDs."
From another post: "Demoted all but one controller, removed ntfrs.db from both after stopping ntfrs on both. Removed the same from the remaining dc after stopping the ntfrs service. it moved scripts and policies out automatically and I then moved the originals back in the the main domain folder and started the service again. waited... all appeared ok (as it should because it wasn't replicating to anyone). Then promted a member server. Waited patiently and eventually the
replication started after a few trys and now all is well again."
Error code 1332
: From a newsgroup post: "You most likely have a local policy on that DC that has a non-resolving SID. Start MMC and open up Group Policy, Local Machine, and search that for any SID that doesn't resolve to a name."