You add BitLocker Drive Encryption schema updates in an Active Directory directory service forest. After you do this, you receive error messages that resemble the following in the System log on a Microsoft Windows Server 2003-based domain controller:
Error message 1
Event Type: Information
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1464
Date: MM/DD/YYYY
Time: 6:18:43 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ComputerName
Description: While searching for an index, Active Directory detected that a new index is needed for the following attribute.
Attribute:msFVE-VolumeGuid
New index name:INDEX_LP_9A278FB0_2C0A
Error message 2
Event Type: Error
Event Source: NTDS General
Event Category: DS Schema
Event ID: 1136
Date: MM/DD/YYYY
Time: 6:20:39 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: ComputerName
Description: Active Directory failed to create an index for the following attribute.
To work around this problem, you must determine which domain controller is the schema operations master, and then remove the containerized index for the msFVE-VolumeGuid schema object and for the msFVE-RecoveryGuid schema object. To do this, follow these steps:
1. On a domain controller, click Start, click Run, type cmd, and then click OK.
2. To determine which domain controller is the schema operations master, type the following command at the command prompt, and then press ENTER:
   netdom query fsmo
3. Log on to the domain controller that is hosting the schema operations master role by using an account that is a member of the Schema Admins security group.
   Note By default, the built-in Administrator account in the root domain of the forest is a member of the Schema Admins group.
4. Click Start, click Run, type adsiedit.msc, and then click OK.
   Note The ADSIEdit Microsoft Management Console (MMC) snap-in is included in the Windows Support Tools for Windows Server 2003. To download the Windows Support Tools for Windows Server 2003 with Service Pack 1, visit the following Microsoft Web site:
5. Open the Schema container, and then open the folder that contains the schema objects.
6. Double-click the msFVE-RecoveryGuid schema object.
7. In the schema object dialog box, click searchFlags, and then click Edit.
8. In the Integer Attribute Editor dialog box, change the value from 27 to 25, and then click OK two times.
9. Repeat steps 6 through 8 for the msFVE-VolumeGuid schema object.
Note A container index is specified in the SearchFlags attribute of an Active Directory AttributeSchema object. When you update the SearchFlags attribute to remove the container index, you do not affect BitLocker Drive Encryption functionality.
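The searchFlags value is a bit mask in which 2 is the container index, so changing 27 to 25 clears that one bit and leaves the others set. The following read-only PowerShell check is an added example, not part of the original article; the function names and flag labels are illustrative, the sample values are constructed, and the attributes are looked up by lDAPDisplayName rather than by an assumed schema path.

```powershell
# Added example, not from the original article. Read-only: nothing is written.
# Bits of the searchFlags attribute on an attributeSchema object.
$SearchFlagNames = @(
    @{ Bit = 1;   Name = 'Index' },
    @{ Bit = 2;   Name = 'ContainerIndex' },   # the bit the workaround clears
    @{ Bit = 4;   Name = 'ANR' },
    @{ Bit = 8;   Name = 'PreserveOnDelete' },
    @{ Bit = 16;  Name = 'CopyWithUser' },
    @{ Bit = 32;  Name = 'TupleIndex' },
    @{ Bit = 64;  Name = 'SubtreeIndex' },
    @{ Bit = 128; Name = 'Confidential' }
)

function ConvertFrom-SearchFlags([int]$Value) {
    # Names of every bit that is set in $Value.
    $SearchFlagNames | Where-Object { $Value -band $_.Bit } | ForEach-Object { $_.Name }
}

function Get-ValueWithoutContainerIndex([int]$Value) {
    # Clear only bit 2 and keep every other flag (27 becomes 25).
    $Value -band (-bnot 2)
}

function Get-SchemaSearchFlags([string]$LdapDisplayName) {
    # Find the attribute in the forest's schema partition by lDAPDisplayName.
    $schemaNc = ([ADSI]'LDAP://RootDSE').schemaNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$schemaNc")
    $searcher.Filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$LdapDisplayName))"
    [void]$searcher.PropertiesToLoad.Add('searchFlags')
    $result = $searcher.FindOne()
    if ($result -eq $null) { throw "Attribute $LdapDisplayName not found in the schema." }
    [int]$result.Properties['searchflags'][0]
}

# Constructed sample values: the before and after of step 8.
foreach ($v in 27, (Get-ValueWithoutContainerIndex 27)) {
    '{0} = {1}' -f $v, ((ConvertFrom-SearchFlags $v) -join ' + ')
}

# Live check, run only when logged on to a domain.
if ($env:USERDNSDOMAIN) {
    foreach ($attr in 'msFVE-RecoveryGuid', 'msFVE-VolumeGuid') {
        $flags = Get-SchemaSearchFlags $attr
        $state = if ($flags -band 2) { 'container index still set' } else { 'container index removed' }
        '{0}: searchFlags={1} ({2})' -f $attr, $flags, $state
    }
}
```

If an attribute reports a value other than 27 before the change, clearing only bit 2 as Get-ValueWithoutContainerIndex does preserves any additional flags that a hard-coded 25 would drop.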
For more information about how Active Directory searches work, visit the following Microsoft Web site:
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86), Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition