Announcement

Collapse
No announcement yet.

The specified directory service attribute or value does not exist

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • The specified directory service attribute or value does not exist

    Hello All,
    I hope someone here can help me out. I've searched and every time I find a site or link that shows just about my same issue - it seems that the answers are never the same.

    Win2K3 Active Directory
    In the path of domain\system\policies, I have a couple of 'unknown' objects. I have tried to delete these objects to no avail. There are no actual policies with a matching GUID (I see nothing in the domain\sysvol folder). Every time I try to delete the objects (within ADUC) I receive 'The specified directory service attribute or value does not exist', within ADSIEDIT I receive the error code 0x8007200a with the same text.

    I've made myself as the owner of these objects, and I still cannot delete them. I've logged on to the domain controller as the Domain Admin and still receive the same error.

    Any ideas on how in the world I can get rid of these objects?
    Last edited by MikeDub; 11th November 2008, 21:22. Reason: Resolved

  • #2
    Re: The specified directory service attribute or value does not exist

    Try it as an Enterprise Admin. Other than that, not sure what to suggest.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: The specified directory service attribute or value does not exist

      One forest, One domain...One Admin


      Does anyone else have any ideas on how I can get rid of these two anomalies?

      Comment


      • #4
        Re: The specified directory service attribute or value does not exist

        Well.. you may be able to get rid of them if you boot in DS restore mode however I have no idea what would happen if you did delete them.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: The specified directory service attribute or value does not exist

          I have these too. Maybe they're supposed to be there.

          Comment


          • #6
            Re: The specified directory service attribute or value does not exist

            Hare Krsna,

            How many domain controller and Global Catalogs do you have?
            Let me know

            If it's ADC tell me what do see under other domain controller
            sysvol\domain\policies.

            and if you can send me a screenshot @ [email protected]

            Thank you
            Navdeep
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: The specified directory service attribute or value does not exist

              If she posts her screenshots here, we'll all be able to see them and try to help.
              Gareth Howells

              BSc (Hons), MBCS, MCP, MCDST, ICCE

              Any advice is given in good faith and without warranty.

              Please give reputation points if somebody has helped you.

              "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

              "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

              Comment


              • #8
                Re: The specified directory service attribute or value does not exist

                I'm not a she; however, since I'm the one that started the post...

                Anyway:
                One Forest, One Domain, (unfortunately) One DC (which by default is also the GC).

                DC\SYSVOL\Domain\Policies only show the polices that appear as OK in the attached 'AD Screen.jpg' file and not the ones of type unknown.

                I've tried to delete them by ADUC, ADSIEDIT, and LDP - ADUC and ADSIEDIT give the same basic error.
                LDP gives:
                ldap_delete_s(ld, "CN={00A53503-E014-4C0B-9F37-902C2F481553},CN=Policies,CN=System,DC=domain,DC=l ocal");
                Error: Delete: Not allowed on Non-leaf. <66>
                Server error: 0000208C: UpdErr: DSID-030A0491, problem 6003 (CANT_ON_NON_LEAF), data 0
                Error 0x208C The operation cannot be performed because child objects exist. This operation can only be performed on a leaf object.

                Now, I am a member of the Domain Admins, Enterprise Admins, and Schema Admins and have given myself Ownership of the objects in question, this did not help, so I have placed it back to the Domain Admins as owners


                Now, running DCDIAG on server (DCDIAG /V) I see absolutely no errors. However, I want to get a couple more DCs in place prior to an Exchange 2007 Migration (currently at E2K migrated from E5.5 not long ago). So, I want to get as many problems with AD removed prior to adding any more DCs to help prevent replication problems.
                Attached Files
                Last edited by MikeDub; 11th November 2008, 17:58. Reason: Update

                Comment


                • #9
                  Re: The specified directory service attribute or value does not exist

                  Originally posted by MikeDub View Post
                  I'm not a she
                  Not sure where that one came from, sorry lol.
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: The specified directory service attribute or value does not exist

                    This worked for me.

                    http://support.microsoft.com/kb/294257

                    Comment


                    • #11
                      Re: The specified directory service attribute or value does not exist

                      Originally posted by Garen View Post
                      Thanks for the try Garen.
                      Nope no go. I think some fo the reason though, is that the GPO Template exists within Active Directory; however, the GPO itself does not exist.

                      Comment


                      • #12
                        Re: The specified directory service attribute or value does not exist

                        DOH!
                        I have it resolved

                        There was a DENY permission set on the objects.
                        Thanks to All for your Help

                        Comment

                        Working...
                        X