Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Source: NTDS General|
Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.
Object (forest or domain): <object>
NTDS Settings object of domain controller: <object>.
|English: Request a translation of the event description in plain English.|
This event showed up in the Application Logs of our DCs after attempting to raise the domain functional level to 2003. We received an error that the request was unable to proceed. After much research, the problem was that there were two items listed in the LostAndFoundConfig. Using ADSIEDIT, I was able to delete those two items and the Domain Functional Level could then be raised to 2003. The real issue here is that you need to understand what the LostAndFoundConfig is for. In our case, there was a Domain Controller that had been demoted at some point in the past and it did not go cleanly. We had to clean that DC out of Active Directory using ntdsutil. I also noticed that when I ran dcdiag /test:verifyenterprisereferences it failed because it found items listed in the LostAndFoundConfig. You need to delete them, but be careful about what server it is referring to. You may need to demote the DC, delete all references to it, rename it and then re-promote it to a DC.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated