Event Id | 3359 |
Source | Windows SharePoint Services 3 |
Description | The application pool account has insufficient permission to add user accounts to Active Directory. |
Event Information | According to Microsoft : Cause : This event is logged when Windows SharePoint Services 3.0 could not add a new user to an end-user-accessible site. This error might be caused by one of the following conditions: 1)The application pool account has insufficient permissions to add/read user accounts to/from Active Directory. 2)The Active Directory organization unit registered in Windows SharePoint Services 3.0 does not exist. To see which account is being used by the application pool for the site where you could not add a user You must be a member of the SharePoint Administrators group to perform this task. 1.In Central Administration, on the left navigation pane, clickApplication Management. 2. On the Application Management page, in theSharePoint Site Managementsection, click Site collection list. 3.On the Site Collection List page, you will see the site collections listed for a specific Web application. If you do not see the site collection that contains the site where you could not add a user, then click the drop-down list next to Web Application to switch to another Web application. 4.On the left navigation pane, clickApplication Management.5. On the Application Management page, in the SharePoint Application Management section, clickWeb application list. The name of the Application pool will be to the left of the URL. 6. In Internet Information Services Manager, expand the server node and then expand the Application Pools node. 7.Right-click the application pool and clickProperties. 8. In theProperties dialog box, on theIdentity tab, the account is shown in theUser name box. Resolution : Assign the application pool account sufficient permissions Windows SharePoint Services 3.0 have permissions to create accounts in the sharepoint_ou organizational unit, the identity account for the SharePoint Central Administration v3 application pool and the identity accounts for any Web applications must have the correct permissions delegated to it. To see which account is being used by the application pool for the site where you could not add a user Note : You must be a member of the SharePoint Administrators group to perform this task. 1.In Central Administration Web, on the left navigation pane, clickApplication Management. 2.On the Application Management page, in theSharePoint Site Management section, click Site collection list. 3.On the Site Collection List page, you will see the site collections listed for a specific Web application. If you do not see the site collection that contains the site where you could not add a user, then click the drop-down list next toWeb Application to switch to another Web application. 4.On the left navigation pane, clickApplication Management. 5.On the Application Management page, in theSharePoint Application Management section, clickWeb application list. The name of the Application pool will be to the left of the URL. 6.In Internet Information Services Manager, expand the server node and then expand theApplication Pools node. 7.Right-click the application pool and click Properties. 8.In theProperties dialog box, on theIdentity tab, the account is shown in theUser name box. Verify : Ensure that a new user can be added to an end-user-accessible site. The action should succeed without error. You must be a site administrator to perform this task. To check if a new user can be added to an end-user-accessible site 1. In the top level page of the site, on the left navigation pane, clickPeople and Groups. 2.On the Peoples and Groups page, clickNew, and then clickAdd users. 3.On the Add Users page, type the user name in theUsers/Groups box. 4.Click the name-check icon to the rightUsers/Groups of the box. |
Reference Links | Event ID 3359 from Source Windows SharePoint Services 3 |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.