objectVersion attribute on the schema container on the source DC. Either the attribute is missing on the schema container or the credentials supplied do not have permission to read it.
The replica or child install failed to read the objectVersion attribute in the SCHEMA section of the file schema.ini in the System32 directory.
The specified group type is invalid.
You cannot nest global groups in a mixed domain if the group is security-enabled.
You cannot nest local groups in a mixed domain if the group is security-enabled.
A global group cannot have a local group as a member.
A global group cannot have a universal group as a member.
A universal group cannot have a local group as a member.
A global group cannot have a cross-domain member.
A local group cannot have another cross domain local group as a member.
A group with primary members cannot change to a security-disabled group.
The schema cache load failed to convert the string default security descriptor (SD) on a class-schema object.
Only DSAs configured to be GC servers should be allowed to hold the domain naming master FSMO role. (Applies only to Windows 2000 servers.)
The DSA operation is unable to proceed because of a DNS lookup failure.
While processing a change to the DNS host name for an object, the SPN values could not be kept in sync.
The Security Descriptor attribute could not be read.
The object requested was not found, but an object with that key was found.
The syntax of the linked attribute being added is incorrect. Forward links can only have syntax 126.96.36.199, 188.8.131.52, and 184.108.40.206, and backlinks can only have syntax 220.127.116.11.
SAM needs to get the boot password.
SAM needs to get the boot key from the floppy disk.
Directory Service cannot start.
Directory Services could not start.
The connection between client and server requires packet privacy or better.
The source domain may not be in the same forest as the destination.
The destination domain must be in the forest.
The operation requires that destination domain auditing be enabled.
The operation could not locate a DC for the source domain.
The source object must be a group or user.
The source object's SID already exists in the destination forest.
The source and destination object must be of the same type.
SAM initialization failed because of the following error: %1. Error Status: 0x%2. Click OK to shut down the system and reboot into Safe Mode. Check the event log for detailed information.
Schema information could not be included in the replication request.
The replication operation could not be completed due to a schema incompatibility.
The replication operation could not be completed due to a previous schema incompatibility.
The replication update could not be applied because either the source or the destination has not yet received information regarding a recent cross-domain move operation.
The requested domain could not be deleted because there exist domain controllers that still host this domain.
The requested operation can be performed only on a GC server.
A local group can only be a member of other local groups in the same domain.
Foreign security principals cannot be members of universal groups.
The attribute is not allowed to be replicated to the GC because of security reasons.
The checkpoint with the PDC could not be taken because too many modifications are currently being processed.
The operation requires that source domain auditing be enabled.
Security principal objects can only be created inside domain naming contexts.
An SPN could not be constructed because the provided host name is not in the necessary format.
A filter was passed that uses constructed attributes.
The unicodePwd attribute value must be enclosed in quotation marks.
Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.
For security reasons, the source DC must be NT4SP4 or greater.
Critical directory service system objects cannot be deleted during tree deletion operations. The tree deletion may have been partially performed.
Directory Services could not start because of the following error: %1. Error Status: 0x%2. Click OK to shut down the system. You can use the Recovery Console to further diagnose the system.
SAM initialization failed because of the following error: %1. Error Status: 0x%2. Click OK to shut down the system. You can use the Recovery Console to further diagnose the system.
The version of the operating system installed is incompatible with the current forest functional level. You must upgrade to a new version of the operating system before this server can become a domain controller in this forest.
The version of the operating system installed is incompatible with the current domain functional level. You must upgrade to a new version of the operating system before this server can become a domain controller in this domain.
The version of the operating system installed on this server no longer supports the current forest functional level. You must raise the forest functional level before this server can become a domain controller in this forest.
The version of the operating system installed on this server no longer supports the current domain functional level. You must raise the domain functional level before this server can become a domain controller in this domain.
The version of the operating system installed on this server is incompatible with the functional level of the domain or forest.
The functional level of the domain (or forest) cannot be raised to the requested value because one or more domain controllers in the domain (or forest) are at a lower, incompatible functional level.
The forest functional level cannot be raised to the requested value because one or more domains are still in mixed-domain mode. All domains in the forest must be in native mode for you to raise the forest functional level.
The sort order requested is not supported.
The requested name already exists as a unique identifier.
The machine account was created before Windows NT 4.0. The account needs to be re-created.
The database is out of version store.
Unable to continue operation because multiple conflicting controls were used.
Unable to find a valid security descriptor reference domain for this partition.
Schema update failed: The link identifier is reserved.
Schema update failed: There are no link identifiers available.
An account group cannot have a universal group as a member.
Rename or move operations on naming context heads or read-only objects are not allowed.
Move operations on objects in the schema naming context are not allowed.
A system flag has been set on the object that does not allow the object to be moved or renamed.
This object is not allowed to change its grandparent container. Moves are not forbidden on this object, but are restricted to sibling containers.
Unable to resolve completely; a referral to another forest was generated.
The requested action is not supported on a standard server.
Could not access a partition of the directory service located on a remote server. Make sure at least one server is running for the partition in question.
The directory cannot validate the proposed naming context (or partition) name because it does not hold a replica, nor can it contact a replica of the naming context above the proposed naming context. Ensure that the parent naming context is properly registered in the DNS, and at least one replica of this naming context is reachable by the domain naming master.
The thread limit for this request was exceeded.
The GC server is not in the closest site.
The directory service cannot derive an SPN with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute.
The directory service failed to enter single-user mode.
The directory service cannot parse the script because of a syntax error.
The directory service cannot process the script because of an error.
The directory service cannot perform the requested operation because the servers involved are of different replication epochs (which is usually related to a domain rename that is in progress).
The directory service binding must be renegotiated due to a change in the server extensions information.
The operation is not allowed on a disabled cross-reference.
Schema update failed: No values for msDS-IntId are available.
Schema update failed: Duplicate msDS-IntId. Retry the operation.
Schema deletion failed: Attribute is used in rDNAttID.
The directory service failed to authorize the request.
The directory service cannot process the script because it is invalid.
The remote create cross-reference operation failed on the domain naming master FSMO. The operation's error is in the extended data.
A cross-reference is in use locally with the same name.
The directory service cannot derive an SPN with which to mutually authenticate the target server because the server's domain has been deleted from the forest.
Writable NCs prevent this DC from demoting.
The requested object has a nonunique identifier and cannot be retrieved.
Insufficient attributes were given to create an object. This object may not exist because it may have been deleted and the garbage already collected.
The group cannot be converted due to attribute restrictions on the requested group type.
Cross-domain moves of nonempty basic application groups is not allowed.
Cross-domain moves of nonempty query-based application groups is not allowed.
The FSMO role ownership could not be verified because its directory partition did not replicate successfully with at least one replication partner.
The target container for a redirection of a well-known object container cannot already be a special container.
The directory service cannot perform the requested operation because a domain rename operation is in progress.
The directory service detected a child partition below the requested partition name. The partition hierarchy must be created in a top down method.
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The requested operation is not allowed on an object under the system container.
The LDAP server's network send queue has filled up because the client is not processing the results of its requests fast enough. No more requests will be processed until the client catches up. If the client does not catch up then it will be disconnected.
The scheduled replication did not take place because the system was too busy to execute the request within the schedule window. The replication queue is overloaded. Consider reducing the number of partners or decreasing the scheduled replication frequency.
At this time, it cannot be determined if the branch replication policy is available on the hub domain controller. Retry at a later time to account for replication latencies.
The site settings object for the specified site does not exist.
The local account store does not contain secret material for the specified account.
Could not find a writable domain controller in the domain.
The server object for the domain controller does not exist.
The NTDS Settings object for the domain controller does not exist.
The requested search operation is not supported for attribute scoped query (ASQ) searches.
A required audit event could not be generated for the operation.
The search flags for the attribute are invalid. The subtree index bit is valid only on single-valued attributes.
The search flags for the attribute are invalid. The tuple index bit is valid only on attributes of Unicode strings.
The functional level of the domain (or forest) cannot be lowered to the requested value.
The operation failed because the SPN value provided for addition/modification is not unique forest-wide.
The operation failed because the UPN value provided for addition/modification is not unique forest-wide.