We had quite an issue with replication in our Active Director environment this past week. We suddenly were hit with tons of events in the event log with event ID 1694 where it said:
Replication Error 8203 “The attribute syntax specified to the directory service is invalid.”
This error means that there is an attribute set on an object somehwere in Active Directory is not valid. That could mean that there is a strange character somehwere, or an attribute that requires a Distinguised Name being set with a string.
To fix this problem, we pulled more data from those events. Each event tells you the attribue that is problematic. In our case, the log it was the “manager” attribute.
While the log didn’t specify a username with the issue, it did specify a GUID. we can use the following PowerShell command to find the user object.
Get-ADUser -Identity {GUID}
Once you find the user, open the user in Active Directory, and correct the attribute.
In our case, the “manager” field had a strange blank character. We simply clicked “Clear” to clear it out, and the field then said “<not set>” as it should.
Once every one of the problematic accounts were updated, replication resumed as normal.
FAQ
How do I find blank characters set in Active Directory attributes?
We ran the following PowerShell script on each of our Domain Controllers to reveal which objects had a black character in the attribute.
Get-ADObject -Server $_.Name -LDAPfilter '(manager=\20)'
You can also query all domain controllers.
You Might Also Like
How to Add or Delete Printers in Active Directory
How to Add Active Directory Schema Snap-In- How to Make Active Directory Replicate Instantly
- How to Find Computer Locking Active Directory Account
- Use Active Directory Domain Services to Block Website
- Windows 10 & 8: Install Active Directory Users and Computers
- Active Directory: How to Check Domain and Forest…
Error “Cannot Delete folder: The directory is not empty” Fix
Did this help? Let us know!