Applies to: desktop apps only
- 8200 (0x2008)
An error occurred while installing the directory service. For more information, see the event log.
- 8201 (0x2009)
The directory service evaluated group memberships locally.
- 8202 (0x200A)
The specified directory service attribute or value does not exist.
- 8203 (0x200B)
The attribute syntax specified to the directory service is invalid.
- 8204 (0x200C)
The attribute type specified to the directory service is not defined.
- 8205 (0x200D)
The specified directory service attribute or value already exists.
- 8206 (0x200E)
The directory service is busy.
- 8207 (0x200F)
The directory service is unavailable.
- 8208 (0x2010)
The directory service was unable to allocate a relative identifier.
- 8209 (0x2011)
The directory service has exhausted the pool of relative identifiers.
- 8210 (0x2012)
The requested operation could not be performed because the directory service is not the master for that type of operation.
- 8211 (0x2013)
The directory service was unable to initialize the subsystem that allocates relative identifiers.
- 8212 (0x2014)
The requested operation did not satisfy one or more constraints associated with the class of the object.
- 8213 (0x2015)
The directory service can perform the requested operation only on a leaf object.
- 8214 (0x2016)
The directory service cannot perform the requested operation on the RDN attribute of an object.
- 8215 (0x2017)
The directory service detected an attempt to modify the object class of an object.
- 8216 (0x2018)
The requested cross-domain move operation could not be performed.
- 8217 (0x2019)
Unable to contact the global catalog server.
- 8218 (0x201A)
The policy object is shared and can only be modified at the root.
- 8219 (0x201B)
The policy object does not exist.
- 8220 (0x201C)
The requested policy information is only in the directory service.
- 8221 (0x201D)
A domain controller promotion is currently active.
- 8222 (0x201E)
A domain controller promotion is not currently active.
- 8224 (0x2020)
An operations error occurred.
- 8225 (0x2021)
A protocol error occurred.
- 8226 (0x2022)
The time limit for this request was exceeded.
- 8227 (0x2023)
The size limit for this request was exceeded.
- 8228 (0x2024)
The administrative limit for this request was exceeded.
- 8229 (0x2025)
The compare response was false.
- 8230 (0x2026)
The compare response was true.
- 8231 (0x2027)
The requested authentication method is not supported by the server.
- 8232 (0x2028)
A more secure authentication method is required for this server.
- 8233 (0x2029)
- 8234 (0x202A)
The authentication mechanism is unknown.
- 8235 (0x202B)
A referral was returned from the server.
- 8236 (0x202C)
The server does not support the requested critical extension.
- 8237 (0x202D)
This request requires a secure connection.
- 8238 (0x202E)
- 8239 (0x202F)
A constraint violation occurred.
- 8240 (0x2030)
There is no such object on the server.
- 8241 (0x2031)
There is an alias problem.
- 8242 (0x2032)
An invalid dn syntax has been specified.
- 8243 (0x2033)
The object is a leaf object.
- 8244 (0x2034)
There is an alias dereferencing problem.
- 8245 (0x2035)
The server is unwilling to process the request.
- 8246 (0x2036)
A loop has been detected.
- 8247 (0x2037)
There is a naming violation.
- 8248 (0x2038)
The result set is too large.
- 8249 (0x2039)
The operation affects multiple DSAs.
- 8250 (0x203A)
The server is not operational.
- 8251 (0x203B)
A local error has occurred.
- 8252 (0x203C)
An encoding error has occurred.
- 8253 (0x203D)
A decoding error has occurred.
- 8254 (0x203E)
The search filter cannot be recognized.
- 8255 (0x203F)
One or more parameters are illegal.
- 8256 (0x2040)
The specified method is not supported.
- 8257 (0x2041)
No results were returned.
- 8258 (0x2042)
The specified control is not supported by the server.
- 8259 (0x2043)
A referral loop was detected by the client.
- 8260 (0x2044)
The preset referral limit was exceeded.
- 8261 (0x2045)
The search requires a SORT control.
- 8262 (0x2046)
The search results exceed the offset range specified.
- 8263 (0x2047)
The directory service detected the subsystem that allocates relative identifiers is disabled. This can occur as a protective mechanism when the system determines a significant portion of relative identifiers (RIDs) have been exhausted. Please see http://go.microsoft.com/fwlink/?LinkId=228610 for recommended diagnostic steps and the procedure to re-enable account creation.
- 8301 (0x206D)
The root object must be the head of a naming context. The root object cannot have an instantiated parent.
- 8302 (0x206E)
The add replica operation cannot be performed. The naming context must be writeable in order to create the replica.
- 8303 (0x206F)
A reference to an attribute that is not defined in the schema occurred.
- 8304 (0x2070)
The maximum size of an object has been exceeded.
- 8305 (0x2071)
An attempt was made to add an object to the directory with a name that is already in use.
- 8306 (0x2072)
An attempt was made to add an object of a class that does not have an RDN defined in the schema.
- 8307 (0x2073)
An attempt was made to add an object using an RDN that is not the RDN defined in the schema.
- 8308 (0x2074)
None of the requested attributes were found on the objects.
- 8309 (0x2075)
The user buffer is too small.
- 8310 (0x2076)
The attribute specified in the operation is not present on the object.
- 8311 (0x2077)
Illegal modify operation. Some aspect of the modification is not permitted.
- 8312 (0x2078)
The specified object is too large.
- 8313 (0x2079)
The specified instance type is not valid.
- 8314 (0x207A)
The operation must be performed at a master DSA.
- 8315 (0x207B)
The object class attribute must be specified.
- 8316 (0x207C)
A required attribute is missing.
- 8317 (0x207D)
An attempt was made to modify an object to include an attribute that is not legal for its class.
- 8318 (0x207E)
The specified attribute is already present on the object.
- 8320 (0x2080)
The specified attribute is not present, or has no values.
- 8321 (0x2081)
Multiple values were specified for an attribute that can have only one value.
- 8322 (0x2082)
A value for the attribute was not in the acceptable range of values.
- 8323 (0x2083)
The specified value already exists.
- 8324 (0x2084)
The attribute cannot be removed because it is not present on the object.
- 8325 (0x2085)
The attribute value cannot be removed because it is not present on the object.
- 8326 (0x2086)
The specified root object cannot be a subref.
- 8327 (0x2087)
Chaining is not permitted.
- 8328 (0x2088)
Chained evaluation is not permitted.
- 8329 (0x2089)
The operation could not be performed because the object’s parent is either uninstantiated or deleted.
- 8330 (0x208A)
Having a parent that is an alias is not permitted. Aliases are leaf objects.
- 8331 (0x208B)
The object and parent must be of the same type, either both masters or both replicas.
- 8332 (0x208C)
The operation cannot be performed because child objects exist. This operation can only be performed on a leaf object.
- 8333 (0x208D)
Directory object not found.
- 8334 (0x208E)
The aliased object is missing.
- 8335 (0x208F)
The object name has bad syntax.
- 8336 (0x2090)
It is not permitted for an alias to refer to another alias.
- 8337 (0x2091)
The alias cannot be dereferenced.
- 8338 (0x2092)
The operation is out of scope.
- 8339 (0x2093)
The operation cannot continue because the object is in the process of being removed.
- 8340 (0x2094)
The DSA object cannot be deleted.
- 8341 (0x2095)
A directory service error has occurred.
- 8342 (0x2096)
The operation can only be performed on an internal master DSA object.
- 8343 (0x2097)
The object must be of class DSA.
- 8344 (0x2098)
Insufficient access rights to perform the operation.
- 8345 (0x2099)
The object cannot be added because the parent is not on the list of possible superiors.
- 8346 (0x209A)
Access to the attribute is not permitted because the attribute is owned by the Security Accounts Manager (SAM).
- 8347 (0x209B)
The name has too many parts.
- 8348 (0x209C)
The name is too long.
- 8349 (0x209D)
The name value is too long.
- 8350 (0x209E)
The directory service encountered an error parsing a name.
- 8351 (0x209F)
The directory service cannot get the attribute type for a name.
- 8352 (0x20A0)
The name does not identify an object; the name identifies a phantom.
- 8353 (0x20A1)
The security descriptor is too short.
- 8354 (0x20A2)
The security descriptor is invalid.
- 8355 (0x20A3)
Failed to create name for deleted object.
- 8356 (0x20A4)
The parent of a new subref must exist.
- 8357 (0x20A5)
The object must be a naming context.
- 8358 (0x20A6)
It is not permitted to add an attribute which is owned by the system.
- 8359 (0x20A7)
The class of the object must be structural; you cannot instantiate an abstract class.
- 8360 (0x20A8)
The schema object could not be found.
- 8361 (0x20A9)
A local object with this GUID (dead or alive) already exists.
- 8362 (0x20AA)
The operation cannot be performed on a back link.
- 8363 (0x20AB)
The cross reference for the specified naming context could not be found.
- 8364 (0x20AC)
The operation could not be performed because the directory service is shutting down.
- 8365 (0x20AD)
The directory service request is invalid.
- 8366 (0x20AE)
The role owner attribute could not be read.
- 8367 (0x20AF)
The requested FSMO operation failed. The current FSMO holder could not be contacted.
- 8368 (0x20B0)
Modification of a DN across a naming context is not permitted.
- 8369 (0x20B1)
The attribute cannot be modified because it is owned by the system.
- 8370 (0x20B2)
Only the replicator can perform this function.
- 8371 (0x20B3)
The specified class is not defined.
- 8372 (0x20B4)
The specified class is not a subclass.
- 8373 (0x20B5)
The name reference is invalid.
- 8374 (0x20B6)
A cross reference already exists.
- 8375 (0x20B7)
It is not permitted to delete a master cross reference.
- 8376 (0x20B8)
Subtree notifications are only supported on NC heads.
- 8377 (0x20B9)
Notification filter is too complex.
- 8378 (0x20BA)
Schema update failed: duplicate RDN.
- 8379 (0x20BB)
Schema update failed: duplicate OID.
- 8380 (0x20BC)
Schema update failed: duplicate MAPI identifier.
- 8381 (0x20BD)
Schema update failed: duplicate schema-id GUID.
- 8382 (0x20BE)
Schema update failed: duplicate LDAP display name.
- 8383 (0x20BF)
Schema update failed: range-lower less than range upper.
- 8384 (0x20C0)
Schema update failed: syntax mismatch.
- 8385 (0x20C1)
Schema deletion failed: attribute is used in must-contain.
- 8386 (0x20C2)
Schema deletion failed: attribute is used in may-contain.
- 8387 (0x20C3)
Schema update failed: attribute in may-contain does not exist.
- 8388 (0x20C4)
Schema update failed: attribute in must-contain does not exist.
- 8389 (0x20C5)
Schema update failed: class in aux-class list does not exist or is not an auxiliary class.
- 8390 (0x20C6)
Schema update failed: class in poss-superiors does not exist.
- 8391 (0x20C7)
Schema update failed: class in subclassof list does not exist or does not satisfy hierarchy rules.
- 8392 (0x20C8)
Schema update failed: Rdn-Att-Id has wrong syntax.
- 8393 (0x20C9)
Schema deletion failed: class is used as auxiliary class.
- 8394 (0x20CA)
Schema deletion failed: class is used as sub class.
- 8395 (0x20CB)
Schema deletion failed: class is used as poss superior.
- 8396 (0x20CC)
Schema update failed in recalculating validation cache.
- 8397 (0x20CD)
The tree deletion is not finished. The request must be made again to continue deleting the tree.
- 8398 (0x20CE)
The requested delete operation could not be performed.
- 8399 (0x20CF)
Cannot read the governs class identifier for the schema record.
- 8400 (0x20D0)
The attribute schema has bad syntax.
- 8401 (0x20D1)
The attribute could not be cached.
- 8402 (0x20D2)
The class could not be cached.
- 8403 (0x20D3)
The attribute could not be removed from the cache.
- 8404 (0x20D4)
The class could not be removed from the cache.
- 8405 (0x20D5)
The distinguished name attribute could not be read.
- 8406 (0x20D6)
No superior reference has been configured for the directory service. The directory service is therefore unable to issue referrals to objects outside this forest.
- 8407 (0x20D7)
The instance type attribute could not be retrieved.
- 8408 (0x20D8)
An internal error has occurred.
- 8409 (0x20D9)
A database error has occurred.
- 8410 (0x20DA)
The attribute GOVERNSID is missing.
- 8411 (0x20DB)
An expected attribute is missing.
- 8412 (0x20DC)
The specified naming context is missing a cross reference.
- 8413 (0x20DD)
A security checking error has occurred.
- 8414 (0x20DE)
The schema is not loaded.
- 8415 (0x20DF)
Schema allocation failed. Please check if the machine is running low on memory.
- 8416 (0x20E0)
Failed to obtain the required syntax for the attribute schema.
- 8417 (0x20E1)
The global catalog verification failed. The global catalog is not available or does not support the operation. Some part of the directory is currently not available.
- 8418 (0x20E2)
The replication operation failed because of a schema mismatch between the servers involved.
- 8419 (0x20E3)
The DSA object could not be found.
- 8420 (0x20E4)
The naming context could not be found.
- 8421 (0x20E5)
The naming context could not be found in the cache.
- 8422 (0x20E6)
The child object could not be retrieved.
- 8423 (0x20E7)
The modification was not permitted for security reasons.
- 8424 (0x20E8)
The operation cannot replace the hidden record.
- 8425 (0x20E9)
The hierarchy file is invalid.
- 8426 (0x20EA)
The attempt to build the hierarchy table failed.
- 8427 (0x20EB)
The directory configuration parameter is missing from the registry.
- 8428 (0x20EC)
The attempt to count the address book indices failed.
- 8429 (0x20ED)
The allocation of the hierarchy table failed.
- 8430 (0x20EE)
The directory service encountered an internal failure.
- 8431 (0x20EF)
The directory service encountered an unknown failure.
- 8432 (0x20F0)
A root object requires a class of ‘top’.
- 8433 (0x20F1)
This directory server is shutting down, and cannot take ownership of new floating single-master operation roles.
- 8434 (0x20F2)
The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.
- 8435 (0x20F3)
The directory service was unable to transfer ownership of one or more floating single-master operation roles to other servers.
- 8436 (0x20F4)
The replication operation failed.
- 8437 (0x20F5)
An invalid parameter was specified for this replication operation.
- 8438 (0x20F6)
The directory service is too busy to complete the replication operation at this time.
- 8439 (0x20F7)
The distinguished name specified for this replication operation is invalid.
- 8440 (0x20F8)
The naming context specified for this replication operation is invalid.
- 8441 (0x20F9)
The distinguished name specified for this replication operation already exists.
- 8442 (0x20FA)
The replication system encountered an internal error.
- 8443 (0x20FB)
The replication operation encountered a database inconsistency.
- 8444 (0x20FC)
The server specified for this replication operation could not be contacted.
- 8445 (0x20FD)
The replication operation encountered an object with an invalid instance type.
- 8446 (0x20FE)
The replication operation failed to allocate memory.
- 8447 (0x20FF)
The replication operation encountered an error with the mail system.
- 8448 (0x2100)
The replication reference information for the target server already exists.
- 8449 (0x2101)
The replication reference information for the target server does not exist.
- 8450 (0x2102)
The naming context cannot be removed because it is replicated to another server.
- 8451 (0x2103)
The replication operation encountered a database error.
- 8452 (0x2104)
The naming context is in the process of being removed or is not replicated from the specified server.
- 8453 (0x2105)
Replication access was denied.
- 8454 (0x2106)
The requested operation is not supported by this version of the directory service.
- 8455 (0x2107)
The replication remote procedure call was cancelled.
- 8456 (0x2108)
The source server is currently rejecting replication requests.
- 8457 (0x2109)
The destination server is currently rejecting replication requests.
- 8458 (0x210A)
The replication operation failed due to a collision of object names.
- 8459 (0x210B)
The replication source has been reinstalled.
- 8460 (0x210C)
The replication operation failed because a required parent object is missing.
- 8461 (0x210D)
The replication operation was preempted.
- 8462 (0x210E)
The replication synchronization attempt was abandoned because of a lack of updates.
- 8463 (0x210F)
The replication operation was terminated because the system is shutting down.
- 8464 (0x2110)
Synchronization attempt failed because the destination DC is currently waiting to synchronize new partial attributes from source. This condition is normal if a recent schema change modified the partial attribute set. The destination partial attribute set is not a subset of source partial attribute set.
- 8465 (0x2111)
The replication synchronization attempt failed because a master replica attempted to sync from a partial replica.
- 8466 (0x2112)
The server specified for this replication operation was contacted, but that server was unable to contact an additional server needed to complete the operation.
- 8467 (0x2113)
The version of the directory service schema of the source forest is not compatible with the version of directory service on this computer.
- 8468 (0x2114)
Schema update failed: An attribute with the same link identifier already exists.
- 8469 (0x2115)
Name translation: Generic processing error.
- 8470 (0x2116)
Name translation: Could not find the name or insufficient right to see name.
- 8471 (0x2117)
Name translation: Input name mapped to more than one output name.
- 8472 (0x2118)
Name translation: Input name found, but not the associated output format.
- 8473 (0x2119)
Name translation: Unable to resolve completely, only the domain was found.
- 8474 (0x211A)
Name translation: Unable to perform purely syntactical mapping at the client without going out to the wire.
- 8475 (0x211B)
Modification of a constructed attribute is not allowed.
- 8476 (0x211C)
The OM-Object-Class specified is incorrect for an attribute with the specified syntax.
- 8477 (0x211D)
The replication request has been posted; waiting for reply.
- 8478 (0x211E)
The requested operation requires a directory service, and none was available.
- 8479 (0x211F)
The LDAP display name of the class or attribute contains non-ASCII characters.
- 8480 (0x2120)
The requested search operation is only supported for base searches.
- 8481 (0x2121)
The search failed to retrieve attributes from the database.
- 8482 (0x2122)
The schema update operation tried to add a backward link attribute that has no corresponding forward link.
- 8483 (0x2123)
Source and destination of a cross-domain move do not agree on the object’s epoch number. Either source or destination does not have the latest version of the object.
- 8484 (0x2124)
Source and destination of a cross-domain move do not agree on the object’s current name. Either source or destination does not have the latest version of the object.
- 8485 (0x2125)
Source and destination for the cross-domain move operation are identical. Caller should use local move operation instead of cross-domain move operation.
- 8486 (0x2126)
Source and destination for a cross-domain move are not in agreement on the naming contexts in the forest. Either source or destination does not have the latest version of the Partitions container.
- 8487 (0x2127)
Destination of a cross-domain move is not authoritative for the destination naming context.
- 8488 (0x2128)
Source and destination of a cross-domain move do not agree on the identity of the source object. Either source or destination does not have the latest version of the source object.
- 8489 (0x2129)
Object being moved across-domains is already known to be deleted by the destination server. The source server does not have the latest version of the source object.
- 8490 (0x212A)
Another operation which requires exclusive access to the PDC FSMO is already in progress.
- 8491 (0x212B)
A cross-domain move operation failed such that two versions of the moved object exist – one each in the source and destination domains. The destination object needs to be removed to restore the system to a consistent state.
- 8492 (0x212C)
This object may not be moved across domain boundaries either because cross-domain moves for this class are disallowed, or the object has some special characteristics, e.g.: trust account or restricted RID, which prevent its move.
- 8493 (0x212D)
Can’t move objects with memberships across domain boundaries as once moved, this would violate the membership conditions of the account group. Remove the object from any account group memberships and retry.
- 8494 (0x212E)
A naming context head must be the immediate child of another naming context head, not of an interior node.
- 8495 (0x212F)
The directory cannot validate the proposed naming context name because it does not hold a replica of the naming context above the proposed naming context. Please ensure that the domain naming master role is held by a server that is configured as a global catalog server, and that the server is up to date with its replication partners. (Applies only to Windows 2000 Domain Naming masters.)
- 8496 (0x2130)
Destination domain must be in native mode.
- 8497 (0x2131)
The operation cannot be performed because the server does not have an infrastructure container in the domain of interest.
- 8498 (0x2132)
Cross-domain move of non-empty account groups is not allowed.
- 8499 (0x2133)
Cross-domain move of non-empty resource groups is not allowed.
- 8500 (0x2134)
The search flags for the attribute are invalid. The ANR bit is valid only on attributes of Unicode or Teletex strings.
- 8501 (0x2135)
Tree deletions starting at an object which has an NC head as a descendant are not allowed.
- 8502 (0x2136)
The directory service failed to lock a tree in preparation for a tree deletion because the tree was in use.
- 8503 (0x2137)
The directory service failed to identify the list of objects to delete while attempting a tree deletion.
- 8504 (0x2138)
Security Accounts Manager initialization failed because of the following error: %1. Error Status: 0x%2. Please shutdown this system and reboot into Directory Services Restore Mode, check the event log for more detailed information.
- 8505 (0x2139)
Only an administrator can modify the membership list of an administrative group.
- 8506 (0x213A)
Cannot change the primary group ID of a domain controller account.
- 8507 (0x213B)
An attempt is made to modify the base schema.
- 8508 (0x213C)
Adding a new mandatory attribute to an existing class, deleting a mandatory attribute from an existing class, or adding an optional attribute to the special class Top that is not a backlink attribute (directly or through inheritance, for example, by adding or deleting an auxiliary class) is not allowed.
- 8509 (0x213D)
Schema update is not allowed on this DC because the DC is not the schema FSMO Role Owner.
- 8510 (0x213E)
An object of this class cannot be created under the schema container. You can only create attribute-schema and class-schema objects under the schema container.
- 8511 (0x213F)
The replica/child install failed to get the objectVersion attribute on the schema container on the source DC. Either the attribute is missing on the schema container or the credentials supplied do not have permission to read it.
- 8512 (0x2140)
The replica/child install failed to read the objectVersion attribute in the SCHEMA section of the file schema.ini in the system32 directory.
- 8513 (0x2141)
The specified group type is invalid.
- 8514 (0x2142)
You cannot nest global groups in a mixed domain if the group is security-enabled.
- 8515 (0x2143)
You cannot nest local groups in a mixed domain if the group is security-enabled.
- 8516 (0x2144)
A global group cannot have a local group as a member.
- 8517 (0x2145)
A global group cannot have a universal group as a member.
- 8518 (0x2146)
A universal group cannot have a local group as a member.
- 8519 (0x2147)
A global group cannot have a cross-domain member.
- 8520 (0x2148)
A local group cannot have another cross domain local group as a member.
- 8521 (0x2149)
A group with primary members cannot change to a security-disabled group.
- 8522 (0x214A)
The schema cache load failed to convert the string default SD on a class-schema object.
- 8523 (0x214B)
Only DSAs configured to be Global Catalog servers should be allowed to hold the Domain Naming Master FSMO role. (Applies only to Windows 2000 servers.)
- 8524 (0x214C)
The DSA operation is unable to proceed because of a DNS lookup failure.
- 8525 (0x214D)
While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync.
- 8526 (0x214E)
The Security Descriptor attribute could not be read.
- 8527 (0x214F)
The object requested was not found, but an object with that key was found.
- 8528 (0x2150)
The syntax of the linked attribute being added is incorrect. Forward links can only have syntax 184.108.40.206, 220.127.116.11, and 18.104.22.168, and backlinks can only have syntax 22.214.171.124.
- 8529 (0x2151)
Security Account Manager needs to get the boot password.
- 8530 (0x2152)
Security Account Manager needs to get the boot key from floppy disk.
- 8531 (0x2153)
Directory Service cannot start.
- 8532 (0x2154)
Directory Services could not start.
- 8533 (0x2155)
The connection between client and server requires packet privacy or better.
- 8534 (0x2156)
The source domain may not be in the same forest as destination.
- 8535 (0x2157)
The destination domain must be in the forest.
- 8536 (0x2158)
The operation requires that destination domain auditing be enabled.
- 8537 (0x2159)
The operation couldn’t locate a DC for the source domain.
- 8538 (0x215A)
The source object must be a group or user.
- 8539 (0x215B)
The source object’s SID already exists in destination forest.
- 8540 (0x215C)
The source and destination object must be of the same type.
- 8541 (0x215D)
Security Accounts Manager initialization failed because of the following error: %1. Error Status: 0x%2. Click OK to shut down the system and reboot into Safe Mode. Check the event log for detailed information.
- 8542 (0x215E)
Schema information could not be included in the replication request.
- 8543 (0x215F)
The replication operation could not be completed due to a schema incompatibility.
- 8544 (0x2160)
The replication operation could not be completed due to a previous schema incompatibility.
- 8545 (0x2161)
The replication update could not be applied because either the source or the destination has not yet received information regarding a recent cross-domain move operation.
- 8546 (0x2162)
The requested domain could not be deleted because there exist domain controllers that still host this domain.
- 8547 (0x2163)
The requested operation can be performed only on a global catalog server.
- 8548 (0x2164)
A local group can only be a member of other local groups in the same domain.
- 8549 (0x2165)
Foreign security principals cannot be members of universal groups.
- 8550 (0x2166)
The attribute is not allowed to be replicated to the GC because of security reasons.
- 8551 (0x2167)
The checkpoint with the PDC could not be taken because there too many modifications being processed currently.
- 8552 (0x2168)
The operation requires that source domain auditing be enabled.
- 8553 (0x2169)
Security principal objects can only be created inside domain naming contexts.
- 8554 (0x216A)
A Service Principal Name (SPN) could not be constructed because the provided hostname is not in the necessary format.
- 8555 (0x216B)
A Filter was passed that uses constructed attributes.
- 8556 (0x216C)
The unicodePwd attribute value must be enclosed in double quotes.
- 8557 (0x216D)
Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.
- 8558 (0x216E)
For security reasons, the operation must be run on the destination DC.
- 8559 (0x216F)
For security reasons, the source DC must be NT4SP4 or greater.
- 8560 (0x2170)
Critical Directory Service System objects cannot be deleted during tree delete operations. The tree delete may have been partially performed.
- 8561 (0x2171)
Directory Services could not start because of the following error: %1. Error Status: 0x%2. Please click OK to shutdown the system. You can use the recovery console to diagnose the system further.
- 8562 (0x2172)
Security Accounts Manager initialization failed because of the following error: %1. Error Status: 0x%2. Please click OK to shutdown the system. You can use the recovery console to diagnose the system further.
- 8563 (0x2173)
The version of the operating system is incompatible with the current AD DS forest functional level or AD LDS Configuration Set functional level. You must upgrade to a new version of the operating system before this server can become an AD DS Domain Controller or add an AD LDS Instance in this AD DS Forest or AD LDS Configuration Set.
- 8564 (0x2174)
The version of the operating system installed is incompatible with the current domain functional level. You must upgrade to a new version of the operating system before this server can become a domain controller in this domain.
- 8565 (0x2175)
The version of the operating system installed on this server no longer supports the current AD DS Forest functional level or AD LDS Configuration Set functional level. You must raise the AD DS Forest functional level or AD LDS Configuration Set functional level before this server can become an AD DS Domain Controller or an AD LDS Instance in this Forest or Configuration Set.
- 8566 (0x2176)
The version of the operating system installed on this server no longer supports the current domain functional level. You must raise the domain functional level before this server can become a domain controller in this domain.
- 8567 (0x2177)
The version of the operating system installed on this server is incompatible with the functional level of the domain or forest.
- 8568 (0x2178)
The functional level of the domain (or forest) cannot be raised to the requested value, because there exist one or more domain controllers in the domain (or forest) that are at a lower incompatible functional level.
- 8569 (0x2179)
The forest functional level cannot be raised to the requested value since one or more domains are still in mixed domain mode. All domains in the forest must be in native mode, for you to raise the forest functional level.
- 8570 (0x217A)
The sort order requested is not supported.
- 8571 (0x217B)
The requested name already exists as a unique identifier.
- 8572 (0x217C)
The machine account was created pre-NT4. The account needs to be recreated.
- 8573 (0x217D)
The database is out of version store.
- 8574 (0x217E)
Unable to continue operation because multiple conflicting controls were used.
- 8575 (0x217F)
Unable to find a valid security descriptor reference domain for this partition.
- 8576 (0x2180)
Schema update failed: The link identifier is reserved.
- 8577 (0x2181)
Schema update failed: There are no link identifiers available.
- 8578 (0x2182)
An account group cannot have a universal group as a member.
- 8579 (0x2183)
Rename or move operations on naming context heads or read-only objects are not allowed.
- 8580 (0x2184)
Move operations on objects in the schema naming context are not allowed.
- 8581 (0x2185)
A system flag has been set on the object and does not allow the object to be moved or renamed.
- 8582 (0x2186)
This object is not allowed to change its grandparent container. Moves are not forbidden on this object, but are restricted to sibling containers.
- 8583 (0x2187)
Unable to resolve completely, a referral to another forest is generated.
- 8584 (0x2188)
The requested action is not supported on standard server.
- 8585 (0x2189)
Could not access a partition of the directory service located on a remote server. Make sure at least one server is running for the partition in question.
- 8586 (0x218A)
The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica nor can it contact a replica of the naming context above the proposed naming context. Please ensure that the parent naming context is properly registered in DNS, and at least one replica of this naming context is reachable by the Domain Naming master.
- 8587 (0x218B)
The thread limit for this request was exceeded.
- 8588 (0x218C)
The Global catalog server is not in the closest site.
- 8589 (0x218D)
The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
- 8590 (0x218E)
The Directory Service failed to enter single user mode.
- 8591 (0x218F)
The Directory Service cannot parse the script because of a syntax error.
- 8592 (0x2190)
The Directory Service cannot process the script because of an error.
- 8593 (0x2191)
The directory service cannot perform the requested operation because the servers involved are of different replication epochs (which is usually related to a domain rename that is in progress).
- 8594 (0x2192)
The directory service binding must be renegotiated due to a change in the server extensions information.
- 8595 (0x2193)
Operation not allowed on a disabled cross ref.
- 8596 (0x2194)
Schema update failed: No values for msDS-IntId are available.
- 8597 (0x2195)
Schema update failed: Duplicate msDS-INtId. Retry the operation.
- 8598 (0x2196)
Schema deletion failed: attribute is used in rDNAttID.
- 8599 (0x2197)
The directory service failed to authorize the request.
- 8600 (0x2198)
The Directory Service cannot process the script because it is invalid.
- 8601 (0x2199)
The remote create cross reference operation failed on the Domain Naming Master FSMO. The operation’s error is in the extended data.
- 8602 (0x219A)
A cross reference is in use locally with the same name.
- 8603 (0x219B)
The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the server’s domain has been deleted from the forest.
- 8604 (0x219C)
Writeable NCs prevent this DC from demoting.
- 8605 (0x219D)
The requested object has a non-unique identifier and cannot be retrieved.
- 8606 (0x219E)
Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and already garbage collected.
- 8607 (0x219F)
The group cannot be converted due to attribute restrictions on the requested group type.
- 8608 (0x21A0)
Cross-domain move of non-empty basic application groups is not allowed.
- 8609 (0x21A1)
Cross-domain move of non-empty query based application groups is not allowed.
- 8610 (0x21A2)
The FSMO role ownership could not be verified because its directory partition has not replicated successfully with at least one replication partner.
- 8611 (0x21A3)
The target container for a redirection of a well known object container cannot already be a special container.
- 8612 (0x21A4)
The Directory Service cannot perform the requested operation because a domain rename operation is in progress.
- 8613 (0x21A5)
The directory service detected a child partition below the requested partition name. The partition hierarchy must be created in a top down method.
- 8614 (0x21A6)
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
- 8615 (0x21A7)
The requested operation is not allowed on an object under the system container.
- 8616 (0x21A8)
The LDAP servers network send queue has filled up because the client is not processing the results of its requests fast enough. No more requests will be processed until the client catches up. If the client does not catch up then it will be disconnected.
- 8617 (0x21A9)
The scheduled replication did not take place because the system was too busy to execute the request within the schedule window. The replication queue is overloaded. Consider reducing the number of partners or decreasing the scheduled replication frequency.
- 8618 (0x21AA)
At this time, it cannot be determined if the branch replication policy is available on the hub domain controller. Please retry at a later time to account for replication latencies.
- 8619 (0x21AB)
The site settings object for the specified site does not exist.
- 8620 (0x21AC)
The local account store does not contain secret material for the specified account.
- 8621 (0x21AD)
Could not find a writable domain controller in the domain.
- 8622 (0x21AE)
The server object for the domain controller does not exist.
- 8623 (0x21AF)
The NTDS Settings object for the domain controller does not exist.
- 8624 (0x21B0)
The requested search operation is not supported for ASQ searches.
- 8625 (0x21B1)
A required audit event could not be generated for the operation.
- 8626 (0x21B2)
The search flags for the attribute are invalid. The subtree index bit is valid only on single valued attributes.
- 8627 (0x21B3)
The search flags for the attribute are invalid. The tuple index bit is valid only on attributes of Unicode strings.
- 8628 (0x21B4)
The address books are nested too deeply. Failed to build the hierarchy table.
- 8629 (0x21B5)
The specified up-to-date-ness vector is corrupt.
- 8630 (0x21B6)
The request to replicate secrets is denied.
- 8631 (0x21B7)
Schema update failed: The MAPI identifier is reserved.
- 8632 (0x21B8)
Schema update failed: There are no MAPI identifiers available.
- 8633 (0x21B9)
The replication operation failed because the required attributes of the local krbtgt object are missing.
- 8634 (0x21BA)
The domain name of the trusted domain already exists in the forest.
- 8635 (0x21BB)
The flat name of the trusted domain already exists in the forest.
- 8636 (0x21BC)
The User Principal Name (UPN) is invalid.
- 8637 (0x21BD)
OID mapped groups cannot have members.
- 8638 (0x21BE)
The specified OID cannot be found.
- 8639 (0x21BF)
The replication operation failed because the target object referred by a link value is recycled.
- 8640 (0x21C0)
The redirect operation failed because the target object is in a NC different from the domain NC of the current domain controller.
- 8641 (0x21C1)
The functional level of the AD LDS configuration set cannot be lowered to the requested value.
- 8642 (0x21C2)
The functional level of the domain (or forest) cannot be lowered to the requested value.
- 8643 (0x21C3)
The functional level of the AD LDS configuration set cannot be raised to the requested value, because there exist one or more ADLDS instances that are at a lower incompatible functional level.
- 8644 (0x21C4)
The domain join cannot be completed because the SID of the domain you attempted to join was identical to the SID of this machine. This is a symptom of an improperly cloned operating system install. You should run sysprep on this machine in order to generate a new machine SID. Please see http://go.microsoft.com/fwlink/?LinkId=168895 for more information.
- 8645 (0x21C5)
The undelete operation failed because the Sam Account Name or Additional Sam Account Name of the object being undeleted conflicts with an existing live object.
- 8646 (0x21C6)
The system is not authoritative for the specified account and therefore cannot complete the operation. Please retry the operation using the provider associated with this account. If this is an online provider please use the provider’s online site.
Source – Microsoft
For any questions, queries please do not hesitate to leave a comment in the queries page at the bottom of the page or contact us at firstname.lastname@example.org
Join us on facebook
Build date: 5/5/2012