Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1723 Source: NTDSGeneral

Source
Level
Description
Active Directory failed to raise the functional level of the domain or forest because the following domain controller is at a lower functional level.

Object (forest or domain): <object>
NTDS Settings object of domain controller: <object>.
Comments
 
This event showed up in the Application Logs of our DCs after attempting to raise the domain functional level to 2003. We received an error that the request was unable to proceed. After much research, the problem was that there were two items listed in the LostAndFoundConfig. Using ADSIEDIT, I was able to delete those two items and the Domain Functional Level could then be raised to 2003. The real issue here is that you need to understand what the LostAndFoundConfig is for. In our case, there was a Domain Controller that had been demoted at some point in the past and it did not go cleanly. We had to clean that DC out of Active Directory using ntdsutil. I also noticed that when I ran dcdiag /test:verifyenterprisereferences it failed because it found items listed in the LostAndFoundConfig. You need to delete them, but be careful about what server it is referring to. You may need to demote the DC, delete all references to it, rename it and then re-promote it to a DC.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...