Synchronize directory service data (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008

This check reports domain accounts with rights to synchronize directory service data. This check is relevant only on domain controllers. You can use the name list to exclude or include users or security groups that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Synchronize directory service data

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_SYNC_DIRECTORY_SERVICE

Category: Policy Compliance

  • Windows 2000 (105957)

  • Windows 2003 (205957)

  • Windows 2008 (248957)

Title: Synchronize directory service data

Description:The user or security group has the right to synchronize directory service data. This user right is relevant only on domain controllers. If the right is authorized, edit the check's name list. If the right is not authorized, use the Correct feature to revoke it.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

[an error occurred while processing this directive]