LS User Replicator Event 30011

Here’s a quick little fix for an issue seen at a customer.

They have an empty forest root domain, as this was once considered good practice for security reasons (to protect the schema and isolate highly privileged accounts/groups such as Enterprise Admins) and they have stuck with it since. Lync is deployed in the child domain, with no rights into the root.

They were seeing an error like the following the the event logs, every 20 minutes:

Log Name: Lync Server
Source: LS User Replicator
Date: 08/08/2013 14:18:56
Event ID: 30011
Task Category: (1009)
Level: Error
Keywords: Classic
User: N/A

Encountered an unrecognized error while processing objects from a domain. This error caused User Replicator to abort synchronization of this domain. Synchronization will be retried for this domain. If this domain is not enabled for Lync Server, then this error can be ignored.

Domain: (DN: DC=customer,DC=net) Error: 50 (Insufficient Rights) ReplicationType:AddressBookReplication.
Cause: The cause for this error can vary. Please review the errors listed above.
Resolution: Contact support services if the error is not descriptive enough to remedy the problem.

The reason for the error is that by default, the User Replicator looks for all domains and tries to sync with them. User Replicator is the component that looks at Active Directory and pulls information into the Lync user database, ensuring any changes in AD (such as a user’s display name) are also reflected in Lync. With no rights in the root domain, it cannot read any information and errors.

Easily fixed however, via the Set-CSUserReplicatorConfiguration cmdlet:

Set-CsUserReplicatorConfiguration -Identity global -ADDomainNamingContextList @{Add=”dc=childdom,dc=customer,dc=net”}

Change the last part to reflect the distinguishedName (DN) of your user domain(s). By default, the list of contexts is empty – setting one or more will tell the User Replicator to just look at those.