Resolution
Directory and Resource Administrator 6.60
symptom
The Administration Server service crashes after attempting an Incremental Cache refresh of a trusted domain
cause
The cause of the crash, is a logic error in accounts provider.
fix
If a Domain cache refresh runs and the Domain Cache Refresh is not able to verify the permissions of the service account in the trusted domain , the DCbind information associated with the domain will not be available. When an Account Cache Refresh runs, it starts off with no DCbind information and the Account Cache Refresh will fail to determine DCbind information as well. However, the failure can occur in such that data will still attempt to be copied from the DcDomCntrlInfo structure back into the domain which causes the crash to occur.
To avoid this type of crash in Directory and Resource Administrator 6.6 perform one of the following:
- Specify override for the trusted domain that is a member of the local Administrators group in the trusted domain.
- Omit the trusted domain from the cache (the implication is that group memberships lists will not include objects/groups from that domain)
- Disable incremental cache refreshes for the trusted domain.
This issue is resolved in Directory and Resource Administrator 7.0 and later. DRA 7.0 resolves this issue by adding checks to make sure that the bind to the domain is successful before copying the domain controller data into cache.