In “Pending Events” we have a few events for users (who are not yet managed by NSM for AD) with the following actions (and action states):
- Evaluating Add Member (Evaluating user policy)
- Create User (Getting policy for the user)
The “last error” message is: “92 : The object in Directory Services has a class or attribute mismatch and is not valid.” Viewing the nsmengine-ad-(date).log file, I can see the following entries:
01 2014-04-02 08:55:20 3600 3 8003 1436 2908 cc::ds_ad::GetObjectListAsyncEx() - Called piDirSearch->GetNextRow(...), HRESULT = 80072030, Result = 15.
01 2014-04-02 08:55:20 3600 5 0008 1436 2908 PolicyTools::GetEffectivePolicies - Failed to get indirect group memberships for CN=<UserDetails>,DC=local. Result = 15.
A quick search for the error number indicates that the error (80072030) is that “there is no such object on the server”. All our DC’s are Global Catalog’s and I can confirm the users exist and are valid. Some of our groups do have a large number of members (up to 30,000).
Any idea what could be causing the issue and how to resolve it?
Thanks,
Jonathan