Event ID - 1852

Event Id1852
SourceMicrosoft-Windows-ActiveDirectory_DomainService
DescriptionThe schemaIdGuid value for the following attribute duplicates the schemaIdGuid value for an existing attribute. Attribute:%1 (%2, %3) Existing attribute:%4 (%5, %6) Both attributes are considered deactivated (as if the isDefunct attribute value were TRUE). The condition will resolve itself after the schema directory partition has replicated successfully. User Action If this event continues to occur, initiate a replication cycle with all replication partners of the local directory service. If the condition persists, deactivate one of the above classes by setting the isDefunct value to TRUE.
Event InformationAccording to Microsoft :
Cause :
This event is logged when the schemaIdGuid value for attribute duplicates the schemaIdGuid value for an existing attribute.
Resolution :
Remove one of the conflicting schema objects
Event IDs 1845, 1847 through 1854, and 1895 through 1897 indicate there is a conflict in one or more schema objects. There are several procedures that you can use to resolve this issue. Perform the following procedures on a domain member computer that has domain administrative tools installed. After each procedure, check Event Viewer to determine whether the issue condition continues to be logged.
  1. Update the schema cache.
  2. Start Active Directory replication.
  3. Disable one of the conflicting schema classes or attributes.
  4. Restore the Active Directory database from backup media.
To perform these procedures, must have membership in Domain Admins or must have been delegated the appropriate authority.
Update the schema cache
To verify a successful update of the schema, you can enable diagnostic logging for the schema. When diagnostic logging is enabled, a schema update produces Event ID 1582 in the Directory Service log of the Event Viewer. To enable diagnostic logging for the schema, you must edit the registry.
To update the schema cache:
Caution : Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
  1. Open Registry Editor. To open Registry Editor, click Start. In Start Search, type regedit, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. In the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics, in the left pane, right-click 24 DS Schema, and then click Modify.
  3. Type 1 or higher (up to 5) for Value data to enable diagnostic logging for the schema. The higher the value, the more information is reported to the Directory Service log.Click OK.
  4. Create a new text file named SchemaUp in a folder location that is convenient for you to access.
  5. Copy the following five lines of text, and then paste them as the contents of the SchemaUp.txt file.
    dn:
    changetype: modify
    add: schemaUpdateNow
    schemaUpdateNow: 1
  6. After you paste the text into the file, ensure that there are no line breaks (carriage returns) between each line of text. If there are, delete the empty lines. Ensure that you have a hyphen as the last line of text in the file.
  7. Save the file.
  8. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start Menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  9. Type ldif -i -f SchemaUp.txt, and then press ENTER. If necessary, type the file path to the text file that you saved.
  10. Open Event Viewer. To open Event Viewer, click Start. In Start Search, type eventvwr.msc, and then press ENTER.
  11. Expand Applications and Services Logs, and then click Directory Service.
  12. Look for Event ID 1582, which confirms that the schema cache was reloaded successfully. If you do not see this event, click Find and type 1582, and then click Find Now. Event ID 1582 confirms that the schema cache was updated.
  13. Confirm that there are no Critical, Error, or Warning events related to the schema after the schema cache update. To locate events that are related to the schema, click Find, type DS Schema, and then click Find Next.
  14. Continue to click Find Next, and review each event until you have verified there are no Critical, Error, or Warning events that occured after the schema cache update.
Note : When you confirm that the schema cache was updated, you can set the 24 DS Schema value to 0 if you no longer need diagnostic logging for schema events. You can use the Reg command to modify the 24 DS Schema registry value.
Start Active Directory replication
To start Active Directory replication:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type repadmin /syncall /user:domain\user /pw:password, and then press ENTER. Substitute the appropriate domain name, user name, and password for domain, user, and password, respectively. The command output indicates whether synchronization started successfully.
To perform the following procedure, you must have membership in Domain Admins and Schema Admins, or you must have been delegated the appropriate authority. Perform all steps on the computer that is logging the event to be resolved.
Disable one of the conflicting schema classes or attributes
To disable a conflicting schema class or attribute:
  1. Obtain the name of a conflicting schema object from the event text in Event Viewer.
  2. Open ADSI Edit. To open ADSI Edit, click Start. In Start Search, type ADSIEdit.msc, and then press ENTER. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  3. Right-click ADSI Edit, and then click Connect to.
  4. In Select a well known Naming Context, click Schema. The default action of the tool is to connect to the local domain. If you want to connect to another domain or server, you can do that under Computer in the Connection Settings dialog box.Click OK.
  5. In the console tree, expand Schema.
  6. Click the object name CN=Schema.
  7. In the middle pane, a three-column list of schema attribute and class names, class identifiers, and distinguished names appears. In the Name column, right-click the class or attribute that is named in the Event Viewer event text, and then click Properties.
  8. In the class or attribute properties box, on the Attribute Editor tab, click the isDefunct attribute, and then click Edit.
  9. Click True, and then click OK twice.
  10. Close ADSI Edit.
Restore the Active Directory database from backup media
To restore the Active Directory database from backup media, you need the Directory Services Restore Mode password. If you do not know the Directory Services Restore Mode password, you can reset it by using the Ntdsutil tool.
Note : There is no need to attempt an authoritative restore because the schema cannot be restored by using an authoritative restore.
Reference LinksEvent ID 1852 from Source Microsoft-Windows-ActiveDirectory_DomainService

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.