Export (0) Print
Expand All
Expand Minimize

Project Active Directory exception occurred during synchronization

 

Applies to: Project Server 2013, Project Server 2010

Topic Last Modified: 2013-12-18

Element ID / Rule Name:   Project_Active_Directory_Exception_Occurred_During_Synchronization

Summary:   During a synchronization process, Microsoft Project Server attempts to obtain a reference to an Active Directory group that is mapped to either the Enterprise Resource Pool or a Project Server security group by using the GUID of the Active Directory group in an LDAP query. If the LDAP query fails, an Active Directory synchronization exception is recorded in the Windows Server event log. When this exception occurs, it typically means that the Active Directory synchronization process failed either partly or completely.

Cause:   The Project Server application server cannot access the Active Directory directory service for any of the following reasons:

  • The Project Server application server is using a SharePoint Service Account (SA) account that does not have read access to Active Directory.

  • The Project Server application server may no longer be joined to an Active Directory domain.

  • The Project Server application server does not currently have network access to the domain.

  • Ports required for Project Server and Active Directory to communicate are not open between the Project Server application server and the Active Directory store. This can occur if a firewall is configured to block the ports described in the following list:

    • 389/UDP – LDAP: LDAP is the Lightweight Directory Access Protocol that provides a standard way to access directory services. LDAP is the primary protocol that is used to access an Active Directory store.

    • 636/TCP – LDAP over SSL: When Secure Sockets Layer (SSL) is enabled, the LDAP data that is transmitted and received is encrypted.

    • 3268/TCP – Microsoft global catalog: Active Directory global catalogs listen on this port.

    • 3269/TCP – Microsoft global catalog with LDAP/SSL: Microsoft global catalog SSL connections listen on this port.

  • The Active Directory group no longer exists in the Active Directory store. For example, the group may have been deleted by an administrator.

  • The Project Server application server's SA account does not have read access to an Active Directory group or user object.

Possible resolutions include the following:

  • Verify that the service account that is used by the SA used by the Project Server application server is a domain account that has read access to Active Directory.

  • Verify that the Project Server application server is joined to an Active Directory domain.

  • Verify that the Project Server application server has network access.

  • Verify that the ports listed in the previous section are open between the Active Directory store and the Project Server application server.

  • Verify that at least one Active Directory group exists in the Active Directory store with the same Active Directory GUID that is stored in the Project Server application server.

  • Use the ADSI Edit tool to check security permissions on individual Active Directory group and user objects. The SA account must be able to read all Active Directory group and user objects that are involved in the synchronization process.

    noteNote
    The ADSI Edit tool is available for Windows Server 2008 when you install the Active Directory Domain Services (AD DS) role to make a server a domain controller. It is also available as a part of the Remote Server Administration Tools (RSAT) kit available. See Installing or Removing the Remote Server Administration Tools Pack (http://go.microsoft.com/fwlink/p/?LinkId=143345) in the TechNet Library.

Other Resources

Project Active Directory connection failed
Project Active Directory exception occurred during synchronization
Project Active Directory nested foreign security principal could not be resolved
Project Active Directory nested object could not be resolved
Project Active Directory PWA group could not be resolved
Project Active Directory top-level group has no members
Project Creating Report Center Web failed
Project Cube Build Service Analysis Services server connection failure
Project Cube Build Service Analysis Services server lock time out
Project Cube Build Service attempt to overwrite failed
Project Cube Build Service Decision Support Object is not installed
Project notification XSLT transformation error
Project Failure creating a Project workspace
Project General Data Access Layer error connecting to database
Project General Data Access Layer error while getting connection strings
Project notification e-mail delivery failed
Project notification XSLT transformation error
Project Queue general percentage SQL retries per day
Project Queue general percentage SQL retries per hour
Project Queue jobs average wait time per day
Project queue jobs percentage jobs failed per day
Project queue jobs percentage failed per hour
Project Queue System restarting due to unexpected error
Project Reporting server side event has failed
Project Server event handler could not be found
Project Server event service could not be found
Project SQL user view refresh message was not queued
Project user view was truncated
Project Windows SharePoint Services format error
Project Winproj average time taken for project open
Project Winproj average percentage of incremental save to full save
Project workspace user synchronization failed

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft