Active Directory : Failed to create an index for the following attribute msFVE-RecoveryGuid

By | October 25, 2011

On a multi DC (Windows 2003 – 2008) Active Directory, you may encounter the following NTDS event :

Active Directory failed to create an index for the following attribute.

Attribute identifier:
Attribute name:

A schema cache update will occur 5 minutes after the logging of this event and will attempt to create an index for the attribute.

Additional Data
Error value:
-1403 JET_errIndexDuplicate, Index is already defined

This is probably caused by a recently added DC running Windows Server 2008, attempting to do a scheme update on the forest to add BitLocker Drive Encryption.

Unfortunately, this feature is not supported by Windows Server 2003.

Here is a workaround to solve this problem – First, find out which DC is propagating this policy (type the following in the command prompt) :

Then, logon in the domain controller causing this and do the following :

– Start / Run; adsiedit.msc
– Open the Schema container and copy the container that contain the schema objects
– Then, click searchFlags and then Edit
– In the Integer Attribute Editor, change the value 27 to 25
– Repeat again step the three latest steps for msFVE-VolumeGuid objects.