AD Group Expansion Error ID 34152


  • Anyone come across this error with the AD Connector?

    "The group expansion workflow for connector AD Connector has encountered the following error:

    Error: Expansion of AD Group resulted in an error.

    Group Stack: (1) CN=.......

    Exception: System.OverflowException: Arithmetic operation resulted in an overflow"

    Source: Data Connectors

    Event ID: 34152

    Regards, Zoeb Khan

    Tuesday, September 18, 2012 2:18 AM

All replies

  • Not exactly the same, but similar (after enabling of "Automatically add users of AD Groups imported by this connector" in AD connector):

    Log Name:      Operations Manager
    Source:        Data Connectors
    Date:          11.10.2012 11:58:15
    Event ID:      34152
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A

    The group expansion workflow for connector ... has encountered the following error:
    Error: Error resolving group with domain ... and name .... Exception:

    Thursday, October 11, 2012 9:08 AM
  • I have the same error

    Event 34152 : Data Conectors

    The group expansion workflow for connector AD Connector has encountered the following error:

    Error: Expansion of AD group CN=client.customer-F,OU=Security Groups,DC=...,DC=lan resulted in an error

    How can we solve our issue ?




    Thursday, February 07, 2013 10:28 AM
  • Hi everybody,

    any update ?

    I have this detailled message:

    AD Connector

    Expansion of AD group CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan resulted in an error. Group stack: (1): CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan (2): CN=Domain Computers,CN=Users,DC=contoso Exception: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the target principal could not be found in the domain indicated by the principal's SID. at System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object o) at System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) at System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current() at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.ExpandGroup(GroupPrincipal groupPrincipal) at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.Start(Guid connectorId)

    Thanks for your answers



    • Edited by Madinarawak Monday, February 25, 2013 2:51 PM
    Monday, February 25, 2013 2:50 PM
  • Hi,

    is there any update on this? I got the same error here...



    Thursday, April 11, 2013 7:21 AM
  • Saturday, April 13, 2013 1:28 PM
  • Saddly, rebooting did not resolve this issue for me. 

    Any idea from anyone?

    Monday, July 08, 2013 4:04 PM
  • neither do I; this one pops up once in a while, it actually seems to keep running in the background...

    Patrick Zhang

    Monday, July 15, 2013 1:58 PM
  • Hey everybody!

    Is there anybody out there who´s got any idea to solve the issue Anatoliy described?!

    Rebooting did not resolve this issue for me,too.


    Dirk Suri

    Tuesday, October 15, 2013 6:32 AM
  • Hi Dirk.

    This really is just a wild guess from the error in Phil's post above, but can you check the group membership of the group that has generated the error?  The error effectively says that the target principle (user) cannot be located by the SID specified in the group.  May be a SID left over from a deleted object, or possible from a defunct forest trust situation?

    Just a complete guess on this one :)



    Wednesday, October 16, 2013 5:55 AM
  • Hey Shaun,

    I took a detailed look at the event viewer again. I noticed that the data connector only got a problem with syncing the container within "CN=Builtin,DC=...." such as Users etc. (" ... Operation is not supported").

    My question now: How can I exclude the builtin containers from syncing with scsm??



    Monday, October 28, 2013 7:35 AM
  • Hi All,

    Any solution??

    I too face the same problem

    Thursday, November 27, 2014 6:24 PM
  • ok, just to put a nail in this one, here's how you fix this issue: 

    1. Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
    2. Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.

    the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups. 

    • Proposed as answer by stemo76 Thursday, September 03, 2015 5:56 PM
    Monday, December 01, 2014 4:37 PM
  • It appears each group that throws this error I find a member with an up arrow next to it with this explanation.

    'Note that this object is just a placeholder for a user or group from a trusted external domain.  This object was created when an external object was added to a group in this domain.  The properties for the actual user or group can't be displayed.'

    Thursday, September 03, 2015 5:58 PM