ADAM General Event ID 1168 is logged on an AD LDS server that's running Windows Server 2012 R2

Symptoms

Assume that the service account that's running the Active Directory Lightweight Directory Services (AD LDS) instance in Windows Server 2012 R2 is not the built-in Network Service account or any other user account that has local administrator rights. In this situation, the following event may be written to the ADAM log: 

Cause

This ADAM event is logged because AD LDS must respond to auditing policy changes, so it tries to register a policy-change notification through a call to LSA. The event reports that this subscription call failed: unless the service account is Network Service or a local administrator, it does not hold the POLICY_NOTIFICATION right. Despite this failure, AD LDS should otherwise work as expected. However, without the notification AD LDS picks up auditing policy changes only after a service restart.

Note If the event stops appearing as soon as you change the service account to a local admin user account and restart the service, you're probably experiencing the issue that's described in the "Symptoms" section. 

More Information

Local admin users have POLICY_NOTIFICATION rights. Additionally, LSA explicitly grants NetworkService/LocalService the same rights. Therefore, when LDS runs under a local admin user account or the NetworkService/LocalService account, this issue does not occur.
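A quick way to check the condition described in the "Cause" and "More Information" sections on a given server, as an added example that is not part of the article: the script below lists each AD LDS instance, the account it runs as, whether that account is one of the built-in service accounts or a direct member of the local Administrators group, and how many event ID 1168 entries its instance log holds. It assumes that AD LDS instance services are named `ADAM_<instanceName>` and that their event logs are named `ADAM (<instanceName>)`; the `Test-LocalAdminMember` helper is my own and does not resolve nested group membership, so an account that is an administrator only through a domain group is reported as not a local admin.

```powershell
# Added example (not from the KB article). Run in an elevated PowerShell on the
# AD LDS server. Assumptions: instance services are named "ADAM_<instance>" and
# instance logs "ADAM (<instance>)"; nested group membership is not resolved.

# Accounts to which LSA grants POLICY_NOTIFICATION directly (see "More Information").
$builtInServiceAccounts = @(
    'NT AUTHORITY\NetworkService',
    'NT AUTHORITY\NETWORK SERVICE',
    'NT AUTHORITY\LocalService',
    'NT AUTHORITY\LOCAL SERVICE',
    'LocalSystem'
)

# Direct members of the local Administrators group as WinNT ADsPaths,
# e.g. WinNT://CONTOSO/svc-adlds or WinNT://SERVER01/Administrator.
$adminGroup = [ADSI]'WinNT://./Administrators,group'
$adminPaths = @($adminGroup.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
})

# Hypothetical helper: true if the SCM-style account name ("DOMAIN\user" or
# ".\user") is a direct member of the local Administrators group.
function Test-LocalAdminMember {
    param([string]$Account)
    $parts = $Account -split '\\', 2
    if ($parts.Count -ne 2) { return $false }
    $domain = if ($parts[0] -eq '.') { $env:COMPUTERNAME } else { $parts[0] }
    $path = "WinNT://$domain/$($parts[1])"
    return [bool]($adminPaths | Where-Object { $_ -ieq $path })
}

# Each AD LDS instance registers a service named ADAM_<instanceName> (assumption).
$instances = Get-CimInstance Win32_Service -Filter "Name LIKE 'ADAM_%'"

foreach ($svc in $instances) {
    $instanceName = $svc.Name.Substring(5)      # strip the "ADAM_" prefix
    $account      = $svc.StartName
    $isBuiltIn    = $builtInServiceAccounts -contains $account
    $isLocalAdmin = Test-LocalAdminMember -Account $account

    # Count 1168 events in the instance's own log, if that log exists.
    $logName    = "ADAM ($instanceName)"
    $eventCount = 0
    if (Get-WinEvent -ListLog $logName -ErrorAction SilentlyContinue) {
        $eventCount = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 1168 } `
                        -ErrorAction SilentlyContinue).Count
    }

    [pscustomobject]@{
        Instance          = $instanceName
        ServiceAccount    = $account
        BuiltInService    = $isBuiltIn
        LocalAdmin        = $isLocalAdmin
        Event1168Count    = $eventCount
        # Per the article, only an account that is neither a built-in service
        # account nor a local admin lacks POLICY_NOTIFICATION and logs 1168.
        Event1168Expected = -not ($isBuiltIn -or $isLocalAdmin)
    }
}
```

If an instance shows `Event1168Expected = True` together with a non-zero `Event1168Count`, the server is in the situation the article describes; the event is benign for normal operation, but remember that the instance will not see auditing policy changes until it is restarted.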

For more information about the AD LDS Service Account, see Selecting an AD LDS service account.

Properties

Article ID: 3080831 - Last Review: Aug 20, 2015 - Revision: 1
