Event ID 101 — Active Directory Domain Services Availability

Applies To: Windows Server 2008 R2

Active Directory Rights Management Services (AD RMS) uses Active Directory Domain Services (AD DS) to regulate access to rights-protected content for all AD RMS users in the AD DS forest. If AD DS is not available, AD RMS cannot grant licenses to publish and consume rights-protected content.

Event Details

Product: Windows Operating System
ID: 101
Source: Active Directory Rights Management Services
Version: 6.1
Symbolic Name: DirectoryServicesLookupEvent
Message: A lookup or group expansion request failed for the Active Directory Domain Services (AD DS) component in Active Directory Rights Management Services (AD RMS). Make sure that the requested AD DS object has an e-mail address assigned to it.

Parameter Reference
Context: %1
RequestId: %2
%3
%4

Resolve

Ensure that all AD RMS users have an E-mail Active Directory attribute

To perform this procedure, you must be a member of the Domain Admins group, or you must have been delegated the appropriate authority.

To ensure that all AD RMS users have an E-mail Active Directory attribute:

Note: It is not necessary to check all AD DS user accounts. If you know which user account tried to consume rights-protected content, you should check that user account first.

  1. Log on to a domain controller in the AD RMS forest.
  2. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. Click Users.
  4. Right-click a user account, and then click Properties.
  5. On the General tab, verify that the E-mail box has the correct e-mail address attribute for this user.
  6. Repeat steps 4 - 5 for all AD RMS-enabled users.
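
The same check can be scripted rather than clicked through account by account. The following is an added example, not part of the original article: it assumes the ActiveDirectory PowerShell module is available (a Windows Server 2008 R2 domain controller or RSAT), and the function names, the `SearchBase` parameter and the sample account name `jsmith` are hypothetical. It goes slightly beyond the steps above by optionally reporting groups, because the event message also covers group expansion requests.

```powershell
# Added example: find AD DS objects that have no E-mail (mail) attribute,
# the condition the Resolve steps verify by hand on the General tab.
Import-Module ActiveDirectory

# Check one known account first, as the Note above recommends.
function Test-UserHasMail {
    param([Parameter(Mandatory = $true)][string]$Identity)
    $user = Get-ADUser -Identity $Identity -Properties mail
    # True only when the mail attribute is present and non-empty.
    -not [string]::IsNullOrEmpty($user.mail)
}

# Report every enabled user (and optionally every group) with no mail value.
function Get-AdObjectMissingMail {
    param(
        # Hypothetical parameter: distinguished name of an OU to limit the search.
        [string]$SearchBase,
        # Also report groups, since Event 101 covers group expansion failures.
        [switch]$IncludeGroups
    )

    $common = @{ Properties = 'mail' }
    if ($SearchBase) { $common.SearchBase = $SearchBase }

    # objectCategory=person excludes computer accounts; (!(mail=*)) matches
    # objects whose mail attribute is not set at all.
    Get-ADUser @common -LDAPFilter '(&(objectCategory=person)(objectClass=user)(!(mail=*)))' |
        Where-Object { $_.Enabled } |
        Select-Object ObjectClass, SamAccountName, DistinguishedName

    if ($IncludeGroups) {
        Get-ADGroup @common -LDAPFilter '(!(mail=*))' |
            Select-Object ObjectClass, SamAccountName, DistinguishedName
    }
}

# 'jsmith' is a constructed sample account name; replace it with the account
# that tried to consume rights-protected content.
Test-UserHasMail -Identity 'jsmith'
Get-AdObjectMissingMail -IncludeGroups | Format-Table -AutoSize
```

An empty result from `Get-AdObjectMissingMail` means every enabled user in scope has an E-mail attribute set; it does not confirm that the address is the correct one, which step 5 still requires.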

Verify

To perform this procedure, you must be a member of the local Users group, or you must have been delegated the appropriate authority.

Note: Microsoft Office Word 2007 is used as an example in this section. Any AD RMS-enabled application can be used in place of Word 2007.

To verify that AD RMS can access the Active Directory Domain Services forest:

  1. Log on to an AD RMS-enabled client computer.
  2. Click Start, point to All Programs, point to Microsoft Office, and then click Microsoft Office Word 2007.
  3. In the new document, type This is a test document.
  4. Click the Microsoft Office Start Button, point to Prepare, point to Restrict Permissions, and then click Restricted Access.
  5. Select the Restrict permissions to this document check box.
  6. Type another AD RMS user's e-mail address in the Read box, and then click OK.
  7. Send this file to the person who was granted access in step 6.
  8. Have this person open the document and verify that he or she can only read the document and cannot perform other actions, such as printing it.
