Directory and Resource Administrator 7.x
The NetIQ 'Administration Server' service triggers an exception when creating computers in a Microsoft Windows 2000 domain.
The following event is generated in the System logs of the Administration Server when creating computer accounts:
Event Type: Information
Event Source: DrWatson
Event Category: None
Event ID: 4097
Time: 3:16:04 PM
Computer: DRA Server
The application, , generated an application error The error occurred on 07/02/2004 @ 15:16:04.430 The exception generated was c0000005 at address 7C0013D6 (wcscpy)
For more information, see Help and Support Center at
0000: 0d 0a 0d 0a 41 70 70 6c ....Appl
0008: 69 63 61 74 69 6f 6e 20 ication
0010: 65 78 63 65 70 74 69 6f exceptio
0018: 6e 20 6f 63 63 75 72 72 n occurr
This can be due to the Domain Admins group being in an Organizational Unit (OU) that was denied access by the NetIQ Administration Server Service Account.
By default, the Domain Admins group is what gets set as "Who can join the computer to the domain" when creating a computer account in Active Directory. If the Domain Admins group is placed into an Organizational Unit (OU) where the Service account cannot enumerate the object, then the $McsCanBeJoinedBy value is VT_EMPTY. Since the Domain Admins group is not in the the cache, it attempts to set a null value on who can join the computer to the domain. This causes the exception to be triggered. To resolve:
- Place the Domain Admins group in an OU that can be enumerated by DRA.
- Use a script to set 'Who can join the computer to the domain' to a user or group other than the Domain Admins group.