Anyone come across this error with the AD Connector?
"The group expansion workflow for connector AD Connector has encountered the following error:
Error: Expansion of AD Group resulted in an error.
Group Stack: (1) CN=.......
Exception: System.OverflowException: Arithmetic operation resulted in an overflow"
Source: Data Connectors
Event ID: 34152
Regards, Zoeb Khan
Not exactly the same, but similar (after enabling of "Automatically add users of AD Groups imported by this connector" in AD connector):
Log Name: Operations Manager
Source: Data Connectors
Date: 11.10.2012 11:58:15
Event ID: 34152
Task Category: None
The group expansion workflow for connector ... has encountered the following error:
Error: Error resolving group with domain ... and name .... Exception:
I have the same error
Event 34152 : Data Conectors
The group expansion workflow for connector AD Connector has encountered the following error:
Error: Expansion of AD group CN=client.customer-F,OU=Security Groups,DC=...,DC=lan resulted in an error
How can we solve our issue ?
any update ?
I have this detailled message:
Expansion of AD group CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan resulted in an error. Group stack: (1): CN=CERTSVC_DCOM_ACCESS,OU=migration,OU=Security Groups,DC=contoso,DC=lan (2): CN=Domain Computers,CN=Users,DC=contoso Exception: System.DirectoryServices.AccountManagement.PrincipalOperationException: While trying to resolve a cross-store reference, the target principal could not be found in the domain indicated by the principal's SID. at System.DirectoryServices.AccountManagement.ADStoreCtx.ResolveCrossStoreRefToPrincipal(Object o) at System.DirectoryServices.AccountManagement.ADUtils.DirectoryEntryAsPrincipal(DirectoryEntry de, ADStoreCtx storeCtx) at System.DirectoryServices.AccountManagement.ADDNLinkedAttrSet.get_CurrentAsPrincipal() at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.get_Current() at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.ExpandGroup(GroupPrincipal groupPrincipal) at Microsoft.EnterpriseManagement.ServiceManager.Sdk.Connectors.Lfx.Workflows.ADGroupExpander.Start(Guid connectorId)
Thanks for your answers
- Edited by Madinarawak Monday, February 25, 2013 2:51 PM
email: freemanru (at) gmail (dot) com
- Proposed as answer by Anton Gritsenko - FreemanRUMVP, Moderator Saturday, April 13, 2013 1:28 PM
This really is just a wild guess from the error in Phil's post above, but can you check the group membership of the group that has generated the error? The error effectively says that the target principle (user) cannot be located by the SID specified in the group. May be a SID left over from a deleted object, or possible from a defunct forest trust situation?
Just a complete guess on this one :)
I took a detailed look at the event viewer again. I noticed that the data connector only got a problem with syncing the container within "CN=Builtin,DC=...." such as Users etc. (" ... Operation is not supported").
My question now: How can I exclude the builtin containers from syncing with scsm??
ok, just to put a nail in this one, here's how you fix this issue:
- Disable the group expansion behavior by clearing the checkbox "Automatically add users of AD Groups imported by this connector"
- Create a new AD connector to import groups you need in SCSM that would otherwise have been identified by this AD behavior.
the most likely cause is that you have deeply nested groups or invalid memberships (such as 0DEL objects that are members of groups) that are causing the group expansion part of the connector to choke and fall over. disabling this behavior will prevent the connector from trying to dereference world+dog, and creating a new connector to directly import the groups that would have been identified will allow you to continue to assign work items to these groups.
- Proposed as answer by stemo76 Thursday, September 03, 2015 5:56 PM
It appears each group that throws this error I find a member with an up arrow next to it with this explanation.
'Note that this object is just a placeholder for a user or group from a trusted external domain. This object was created when an external object was added to a group in this domain. The properties for the actual user or group can't be displayed.'