Event ID 101 — Active Directory Domain Services Availability

Updated: December 3, 2008

Applies To: Windows Server 2008 R2

yellow

Active Directory Rights Management Services (AD RMS) uses Active Directory Domain Services (AD DS) to regulate access to rights-protected content for all AD RMS users in the AD DS forest. If AD DS is not available, AD RMS cannot grant licenses to publish and consume rights-protected content.

Event Details

Product: Windows Operating System
ID: 101
Source: Active Directory Rights Management Services
Version: 6.1
Symbolic Name: DirectoryServicesLookupEvent
Message: A lookup or group expansion request failed for the Active Directory Domain Services (AD DS) component in Active Directory Rights Management Services (AD RMS). Make sure that the requested AD DS object has an e-mail address assigned to it.

Parameter Reference
Context: %1
RequestId: %2
%3
%4

Resolve

Ensure that all AD RMS users have an E-mail Active Directory attribute

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To ensure that all AD RMS users have an E-mail Active Directory attribute:

Note: It is not necessary to check all AD DS user accounts. If you know which user account tried to consume rights-protected content, you should check that user account first.

  1. Log on to a domain controller in the AD RMS forest.
  2. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. Click Users.
  4. Right-click a user account, and then click Properties.
  5. On the General tab, verify that the E-mail box has the correct e-mail address attribute for this user.
  6. Repeat steps 4 - 5 for all AD RMS-enabled users.

Verify

To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.

Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.

To verify that AD RMS can access the Active Directory Domain Services forest:

  1. Log on to an AD RMS-enabled client computer.
  2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
  3. In the new document type This is a test document.
  4. Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
  5. Select the Restrict permissions to this document check box.
  6. Type another AD RMS user's e-mail address in the Read box, and then click OK.
  7. Send this file to the person who was granted access in step 6.
  8. Have this person open the document and verify that he or she cannot do anything else other than read the document, such as print it.

Related Management Information

Active Directory Domain Services Availability

Active Directory Rights Management Services

Community Additions

ADD
Show: