Error: [7430]E20805: SID History for Username cannot be updated because auditing is not enabled on s (NETIQKB15834)

  • Document ID:7715834
  • Creation Date:02-Feb-2007
  • Modified Date:08-Oct-2007
    • Micro Focus Products:
      Domain Migration Administrator

Resolution

fact
Domain Migration Administrator 6.x

fact
Domain Migration Administrator 7.x

symptom

Error: '[7430]E20805: SID History for Username cannot be updated because auditing is not enabled on source (or target) domain controller. rc=8552. This operation requires that auditing be enabled for success and failure of account management operations'.



cause
Auditing for success and failure has not been enabled on the source and/or target domain controllers security policy.  Auditing must be enabled for success AND failure of account management in order to migrate accounts with Sid History. If auditing is enabled for only success or failure, or neither, this error will be returned. 

fix

Set auditing on the source and target domains for success and failure events.

To enable account management auditing on a Windows NT computer:

  1. Open User Manager for Domains.
  2. On the Policies menu, click Audit.
  3. Select Audit These Events.

  4. For User and Group Management, check Success and Failure.
  5. Click OK.

To enable account management auditing on a Windows 2000/2003 computer:

  1. Open Active Directory Users and Computers.
  2. Select the Domain Controllers container in the target domain.
  3. On the Action menu, click Properties.
  4. Click the Group Policy tab.
  5. Select the Default Domain Controllers Policy and click Edit.
  6. In the left pane of the Group Policy window, expand 'Computer Configuration'.
  7. Expand 'Windows Settings'.
  8. Expand 'Security Settings'.
  9. Expand 'Local Policies'.
  10. Expand 'Audit Policy'.
  11. In the right pane, select audit account management.
  12. On the Action menu, click Security.
  13. Check Define these policy settings.
  14. Check both Success and Failure, and then click OK.
  15. Close the Group Policy window and close Active Directory Users and Computers.

To enforce the policy immediately, restart the domain controller. You can also wait for the domain controller to automatically refresh group policy



Additional Information

Formerly known as NETIQKB15834