Project Active Directory nested foreign security principal could not be resolved

 

Applies to: Project Server 2013, Project Server 2010

Topic Last Modified: 2013-12-18

Element ID / Rule Name:   Project_Active_Directory_Nested_Foreign_Security_Principal_Could_Not_Be_Resolved

Summary:   During synchronization with the Active Directory directory service, Microsoft Project Server could not resolve a nested Active Directory foreign security principal. The foreign security principal could be either a user or a group residing in a remote Active Directory forest or external domain. This warning message does verify that the top-level Active Directory group was resolved, which means that communication was successfully established between the Project Server application server that initiated the Active Directory synchronization and the Active Directory domain or forest to which the top-level Active Directory group belongs. However, the foreign security principal listed in the Windows Server event log cannot be resolved. Active Directory synchronization was tagged for partial failure.

Cause:   Possible causes include the following:

  • The Active Directory group no longer exists in the Active Directory store. For example, the group may have been deleted by an administrator.

  • The Project Server application server's SharePoint Service Account (SA) does not have read access to the Active Directory group or user object listed in the Windows Server event log.

  • A communication problem exists between Project Server and the Active Directory domain in which the Active Directory group or user object resides.

Possible resolutions include the following:

  • Verify that at least one Active Directory group exists in the Active Directory store with the same Active Directory GUID that is stored in the Project Server application server.

  • Use the Active Directory Service Interfaces (ADSI) Edit tool to check security permissions on individual Active Directory group and user objects. The SA account must be able to read all Active Directory group and user objects that are involved in the synchronization process.

    Note

    The ADSI Edit tool is available for Windows Server 2008 when you install the Active Directory Domain Services (AD DS) role to make a server a domain controller. It is also available as part of the Remote Server Administration Tools (RSAT) kit. See Installing or Removing the Remote Server Administration Tools Pack (https://go.microsoft.com/fwlink/p/?LinkId=143345) in the TechNet Library.

  • Ensure that the local Active Directory forest or domain has access to the remote Active Directory forest or domain on which the foreign security principal resides.
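
To support the checks above, the following PowerShell function walks a top-level group's nested membership and lists each foreign security principal whose SID cannot be translated to an account name. It is an added example, not part of the original topic or of Project Server. It assumes the ActiveDirectory module from RSAT and a group whose members all reside in the current domain; the function name Get-UnresolvedFsp and the group name PWA-Synced-Group are hypothetical placeholders.

```powershell
# Added example: report nested foreign security principals (FSPs) that do not resolve.
# Assumptions: ActiveDirectory module (RSAT) is installed; all member objects are
# in the current domain; 'PWA-Synced-Group' is a placeholder group name.
Import-Module ActiveDirectory

function Get-UnresolvedFsp {
    param(
        [Parameter(Mandatory)] [string] $GroupIdentity,
        [System.Collections.Generic.HashSet[string]] $Seen
    )
    if ($null -eq $Seen) {
        $Seen = New-Object 'System.Collections.Generic.HashSet[string]'
    }

    $group = Get-ADGroup -Identity $GroupIdentity -Properties member
    foreach ($dn in $group.member) {
        # Skip objects already visited so circular group nesting cannot loop forever.
        if (-not $Seen.Add($dn)) { continue }

        $obj = Get-ADObject -Identity $dn -Properties objectSid
        if ($obj.ObjectClass -eq 'group') {
            Get-UnresolvedFsp -GroupIdentity $dn -Seen $Seen
        }
        elseif ($obj.ObjectClass -eq 'foreignSecurityPrincipal') {
            try {
                # Translating the SID requires reaching the remote forest or domain.
                $null = $obj.objectSid.Translate([System.Security.Principal.NTAccount])
            }
            catch {
                # IdentityNotMappedException: the SID maps to no account (for example,
                # the remote object was deleted). Other errors point to connectivity
                # or trust problems.
                [pscustomobject]@{
                    ParentGroup = $group.DistinguishedName
                    FspDn       = $dn
                    Sid         = $obj.objectSid.Value
                    Error       = $_.Exception.GetBaseException().GetType().Name
                }
            }
        }
    }
}

Get-UnresolvedFsp -GroupIdentity 'PWA-Synced-Group' | Format-List
```

The result reflects the permissions of the account that runs it, so a session started under the SA account shows what that account can read and resolve.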

See Also

Other Resources

Project Active Directory connection failed
Project Active Directory exception occurred during synchronization
Project Active Directory nested foreign security principal could not be resolved
Project Active Directory nested object could not be resolved
Project Active Directory PWA group could not be resolved
Project Active Directory top-level group has no members
Project Creating Report Center Web failed
Project Cube Build Service Analysis Services server connection failure
Project Cube Build Service Analysis Services server lock time out
Project Cube Build Service attempt to overwrite failed
Project Cube Build Service Decision Support Object is not installed
Project notification XSLT transformation error
Project Failure creating a Project workspace
Project General Data Access Layer error connecting to database
Project General Data Access Layer error while getting connection strings
Project notification e-mail delivery failed
Project Queue general percentage SQL retries per day
Project Queue general percentage SQL retries per hour
Project Queue jobs average wait time per day
Project queue jobs percentage jobs failed per day
Project queue jobs percentage failed per hour
Project Queue System restarting due to unexpected error
Project Reporting server side event has failed
Project Server event handler could not be found
Project Server event service could not be found
Project SQL user view refresh message was not queued
Project user view was truncated
Project Windows SharePoint Services format error
Project Winproj average time taken for project open
Project Winproj average percentage of incremental save to full save
Project workspace user synchronization failed