Event ID 2538 — Service Account Updates
Applies To: Windows Server 2008 R2
.jpg)
Active Directory Lightweight Directory Services (AD LDS) provides services using the security credentials of a user account. A user account that a service uses is commonly known as a service account. If the service account that AD LDS uses is changed, the AD LDS instance using that account detects the change and warns the administrator that additional configuration steps may be required.
Event Details
| Product: | Windows Operating System |
| ID: | 2538 |
| Source: | Microsoft-Windows-ActiveDirectory_DomainService |
| Version: | 6.0 |
| Symbolic Name: | DIRLOG_ADAM_SERVICE_ACCOUNT_CHANGED |
| Message: | The directory server has detected that the service account used to run this service has been changed. Replication failures may occur if two or more Active Directory Lightweight Directory Service instances in the same configuration set simultaneously change the service accounts under which those instances are running. Additional Data Old service account: %1 New service account: %2 |
Resolve
Wait until replication is complete before updating additional service accounts
Ensure that ample time is allowed for replication to occur before you make changes to service accounts of other instances in the configuration set.
For more information about these potential replication failures and how to correct them if they occur, see Troubleshooting Active Directory Replication Problems (https://go.microsoft.com/fwlink/?LinkID=92818).
Verify
To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
To verify that the Active Directory Lightweight Directory Services (AD LDS) service instance is running using a command prompt:
- Open a command prompt. To open a command prompt, click Start. In Start Search, type cmd, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- At the command prompt, type wmic service list brief, and then press ENTER.
- Locate the AD LDS instance name in the command output, and verify that the AD LDS instance service is listed as running.
- If the service is not running, type net start serviceName, and then press ENTER. Substitute the name of the service for serviceName. For example, if the instance service name is ADAM_Instance1, type net start adam_instance1, and then press ENTER.
To verify that the AD LDS service instance is running using Server Manager:
- Open Server Manager. To open Server Manager, click Start, in Start Search, type servermanager.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
- Double-click Roles, and then click Active Directory Lightweight Directory Services.
- In the details pane, locate the list of System Services and their status. If a service instance is not running, you can click Start in the details pane to try to start the service.
If the service is running, the service account configuration is correct.
If you want to learn more about AD LDS, formerly known as Active Directory Application Mode (ADAM), see Microsoft TechNet (https://go.microsoft.com/fwlink/?LinkID=92820).