Event ID - 1983

Event Id: 1983
Source: Microsoft-Windows-ActiveDirectory_DomainService
Description: AD_TERM failed to create an access control entry (ACE) for the Enterprise Domain Controllers group or the Enterprise Read-only Domain Controllers group on a newly created application directory partition. Application directory partition: %3. User Action: Review the access control list (ACL) on the newly created application directory partition. Ensure the Replication Get Changes All access right is assigned to both the Enterprise Domain Controllers group and the Enterprise Read-only Domain Controllers group, and remove the right from the domain Domain Controllers group.
Event Information: According to Microsoft:
Cause:
This event is logged when AD_TERM failed to create an access control entry (ACE) for the Enterprise Domain Controllers group or the Enterprise Read-only Domain Controllers group on a newly created application directory partition.
Resolution:
Ensure that the ACL on the application directory partition is configured properly
To resolve this issue, ensure that the access control list (ACL) has the appropriate access control entries (ACEs) on the application directory partition that is referred to in the Event Viewer event text. Perform the following procedure on a domain member computer that has domain administrative tools installed.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To ensure that the ACL on the application directory partition is correct:
  1. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type ADSIEdit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Right-click ADSI Edit, and then click Connect to.
  3. In Connection Point, click Select or type a Distinguished Name or Naming Context. Type a properly formatted Lightweight Directory Access Protocol (LDAP) path to the application directory partition that is referred to in the event text, for example, dc=App,dc=contoso,dc=com.
  4. If you are not already connected to the server and domain that you want to manage, type the appropriate domain and server names under Computer.
  5. Click OK.
  6. In the console tree, expand the Default naming context object to which you connected in the previous steps.
  7. Right-click the application directory partition that is identified in the event text, and then click Properties.
  8. Click Security.
  9. In Group or user names, select the ENTERPRISE DOMAIN CONTROLLERS group, and ensure that the Allow check box is selected for the following permission entries: Replicating Directory Changes, Replicating Directory Changes All, Replicating Directory Changes In, and Replication synchronization.
  10. In Group or user names, select the Enterprise Read-only Domain Controllers group, and ensure that the Allow check box is selected for the permission entry Replicating directory changes.
  11. If the Domain Controllers group appears in Group or user names, select it, and ensure that the Allow check box is cleared (not selected) for the permission entry Replicating directory changes.
  12. Click OK.
  13. Close ADSI Edit.
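The ACE checks in steps 9 through 11 can also be scripted; the following PowerShell is an added example, not code from Microsoft or from this page. The rights GUIDs and the RIDs 498 and 516 are standard Active Directory values that the page does not list, the SDDL string and its domain SID are constructed sample input, and the "Replicating Directory Changes In" entry from step 9 is not checked.

```powershell
# Added example: audit the replication ACEs described in steps 9 to 11.
Add-Type -AssemblyName System.DirectoryServices
# Control access right GUIDs (standard AD schema values, not from the page).
$Rights = [ordered]@{
    'Replicating Directory Changes'     = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All' = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    'Replication synchronization'       = [guid]'1131f6ab-9c07-11d1-f79f-00c04fc2dcd2'
}
$Edc  = '^S-1-5-9$'            # Enterprise Domain Controllers
$Rodc = '^S-1-5-21-.+-498$'    # Enterprise Read-only Domain Controllers
$Dc   = '^S-1-5-21-.+-516$'    # Domain Controllers

function Test-ReplicationAcl {
    param([Parameter(Mandatory)]
          [System.DirectoryServices.ActiveDirectorySecurity]$Acl)
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $allow = @($Acl.GetAccessRules($true, $true,
                   [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.ActiveDirectoryRights.HasFlag($extended) })
    # An empty ObjectType GUID on an extended-right ACE grants every right.
    $granted = { param($sid, $right)
        [bool]($allow | Where-Object {
            $_.IdentityReference.Value -match $sid -and
            $_.ObjectType -in ($Rights[$right], [guid]::Empty) }) }
    $expect = @(
        foreach ($r in $Rights.Keys) { @{ Who = 'Enterprise Domain Controllers'; Sid = $Edc; Right = $r; Want = $true } }
        @{ Who = 'Enterprise Read-only Domain Controllers'; Sid = $Rodc; Right = 'Replicating Directory Changes'; Want = $true }
        @{ Who = 'Domain Controllers'; Sid = $Dc; Right = 'Replicating Directory Changes'; Want = $false }
    )
    foreach ($e in $expect) {
        $actual = & $granted $e.Sid $e.Right
        [pscustomobject]@{ Trustee = $e.Who; Right = $e.Right
                           Allowed = $actual; Ok = ($actual -eq $e.Want) }
    }
}

# Constructed sample ACL: EDC lacks "Changes All"; Domain Controllers still has "Changes".
$dom  = 'S-1-5-21-1111111111-2222222222-3333333333'   # constructed domain SID
$sddl = 'D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-9)' +
        '(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-9)' +
        "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;${dom}-498)" +
        "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;${dom}-516)"
$sample = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sample.SetSecurityDescriptorSddlForm($sddl)
Test-ReplicationAcl $sample | Format-Table -AutoSize
```

To check a live partition, pass the result of `Get-Acl 'AD:\dc=App,dc=contoso,dc=com'` from a session with the ActiveDirectory module loaded; rows where Ok is False are the entries to correct in ADSI Edit.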
Verify:
After you create an application directory partition, check Event Viewer for the following Event IDs: 1979, 1980, 1981, 1982, and 1983. If you find these events after you create an application directory partition, the attempt to create the partition failed.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.
To verify the creation of an application directory partition by using Event Viewer:
  1. Open Event Viewer. To open Event Viewer, click Start. In Start Search, type eventvwr.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. Expand Applications and Services Logs, and then click Directory Service.
  3. Click Find, type 1979, and then click Find Now.
  4. Click Find Next to search for additional events as necessary.
  5. Repeat steps 2 through 4 to search for Event IDs 1980, 1981, 1982, and 1983.
Reference Links: Event ID 1983 from Source Microsoft-Windows-ActiveDirectory_DomainService
