
Event ID: 8277 Source: MSADC

Description
ADC could not replicate <object name> to the Active Directory because the object came from the configured active directory, yet the ADC cannot find it in active directory. This can happen the ADC is configured to use multiple DC's, and the DC's are out of sync with each other. The ADC will try to re-replicate the object. <connection agreement name>.
Comments
 
In a migration from Exchange 5.5 to Exchange 2003 in a multi-site worldwide environment with ADC running, an administrator on a remote site created new mailboxes for new users on Exchange 5.5. ADC complained that it could not find the associated user object. Looking at the raw attributes in Exchange 5.5, the ADCGlobalNames were empty, and the same was true of the AD user object (msExchADCGlobalNames), checked with ADSI Edit.
We then re-assigned the same AD user object as Primary Windows NT Account in the Exchange 5.5 Administrator and forced ADC to replicate. After that, the objects were in sync and ADCGlobalNames had been correctly created.
The root cause might have been replication latency. The ADC user CA was configured to use a DC for replication that was not in the same site as the Exchange 5.5 server. We then changed the user CA to use a site-local DC.
As per Microsoft: "The security ID (SID) on the object indicates that it came from this domain, but ADC (Active Directory Connector) cannot find it in the domain". See MSEX2K3DB for additional information about this event.
As per Microsoft: "This issue may occur if the directory objects that represent Exchange 5.5 mail-enabled public folders are removed from the Microsoft Exchange System Objects container in the Active Directory directory service". See ME840157 to resolve this problem.
This can happen if you removed ADC and the ADC replicated users and afterwards reconfigured the ADC link. The ADC thinks the object is already replicated, but you have deleted this object manually. To remove the link in Exchange 5.5 to the old (deleted) object, start Exchange 5.5 Admin in raw mode (admin -r) and take the raw properties of the user. Remove the values of the ADC-Global-Names attribute. This can be done for a lot of users at the same time by exporting the directory to a file with the first line:
Obj-Class, First Name, Last name, Display Name, Alias Name, Directory Name, Obj-Container, ADC-Global-Names

Then edit this file, and replace the values of column ADC-Global-Names with “~DEL”.

Further information about ADC-Global-Names can be found in ME316280.
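
The bulk edit described in the comment above, as an added example that is not part of the original comment or of any Microsoft tool. It goes one step further than the comment by touching only the rows you name, so objects that are still correctly linked keep their ADC-Global-Names. The function name, the choice of Directory Name as the selection key, and the sample rows are assumptions made for this example.

```python
import csv
import io

ADC_COLUMN = "ADC-Global-Names"  # column from the export header quoted above
KEY_COLUMN = "Directory Name"    # assumption: rows are selected by this column
DELETE_MARKER = "~DEL"           # marker the comment says to put in the column

# Constructed sample export; the ADC-Global-Names values are placeholders.
SAMPLE_EXPORT = (
    "Obj-Class, First Name, Last name, Display Name, Alias Name, "
    "Directory Name, Obj-Container, ADC-Global-Names\r\n"
    "Mailbox,Ann,Lee,Ann Lee,alee,ALee,Recipients,placeholder-link-1\r\n"
    "Mailbox,Bo,Kim,\"Kim, Bo\",bkim,BKim,Recipients,placeholder-link-2\r\n"
    "Mailbox,Cy,Roe,Cy Roe,croe,CRoe,Recipients,\r\n"
)


def mark_stale_links(export_text, stale_directory_names):
    """Set ADC-Global-Names to ~DEL only for the named objects.

    Returns (new_csv_text, changed, skipped); skipped holds requested names
    that were not found or had no ADC-Global-Names value to clear.
    """
    rows = list(csv.reader(io.StringIO(export_text), skipinitialspace=True))
    if not rows:
        raise ValueError("export file is empty")
    header = [h.strip() for h in rows[0]]
    for required in (ADC_COLUMN, KEY_COLUMN):
        if required not in header:
            raise ValueError(f"export header lacks column {required!r}")
    adc_idx, key_idx = header.index(ADC_COLUMN), header.index(KEY_COLUMN)

    wanted = {name.lower() for name in stale_directory_names}
    changed = []
    for line_no, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            raise ValueError(f"line {line_no}: {len(row)} fields, expected {len(header)}")
        if row[key_idx].strip().lower() in wanted and row[adc_idx].strip():
            row[adc_idx] = DELETE_MARKER
            changed.append(row[key_idx].strip())

    done = {name.lower() for name in changed}
    skipped = [n for n in stale_directory_names if n.lower() not in done]
    out = io.StringIO()
    csv.writer(out, lineterminator="\r\n").writerows([header] + rows[1:])
    return out.getvalue(), changed, skipped


if __name__ == "__main__":
    text, changed, skipped = mark_stale_links(SAMPLE_EXPORT, ["ALee", "CRoe", "Ghost"])
    print(text, "changed:", changed, "skipped:", skipped)
```

Review the skipped list before importing the edited file: a name that appears there was either absent from the export or had no link value to remove.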
This happened on a DC right after the user was created in a subdomain. The ADCs attempted to replicate the user account info over to another subdomain where the Exchange 5.5 and 2000 servers reside. The DC eventually replicated this user successfully on its own, giving event ID 8271.

