| 1 | Security Accounts Manager |
Security Accounts Manager |
| 2 | 启动此服务将向其他服务发出信号: 安全帐户管理器(SAM)已准备就绪,可以接受请求。禁用此服务将导致在 SAM 准备就绪时,无法通知系统中的其他服务,从而可能导致这些服务无法正确启动。不应禁用此服务。 |
The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled. |
| 0x2000 | Administrator |
Administrator |
| 0x2001 | Guest |
Guest |
| 0x2002 | Domain Admins |
Domain Admins |
| 0x2003 | Domain Users |
Domain Users |
| 0x2004 | None |
None |
| 0x2005 | Administrators |
Administrators |
| 0x2006 | Server Operators |
Server Operators |
| 0x2007 | Power Users |
Power Users |
| 0x2008 | Users |
Users |
| 0x2009 | Guests |
Guests |
| 0x200A | Account Operators |
Account Operators |
| 0x200B | Print Operators |
Print Operators |
| 0x200C | Backup Operators |
Backup Operators |
| 0x200D | Replicator |
Replicator |
| 0x200E | Domain Guests |
Domain Guests |
| 0x200F | $AccountNameConflict%1 |
$AccountNameConflict%1 |
| 0x2010 | krbtgt |
krbtgt |
| 0x2011 | Domain Computers |
Domain Computers |
| 0x2012 | Domain Controllers |
Domain Controllers |
| 0x2013 | Schema Admins |
Schema Admins |
| 0x2014 | Cert Publishers |
Cert Publishers |
| 0x2015 | Enterprise Admins |
Enterprise Admins |
| 0x2016 | RAS and IAS Servers |
RAS and IAS Servers |
| 0x2017 | Group Policy Creator Owners |
Group Policy Creator Owners |
| 0x2018 | Pre-Windows 2000 Compatible Access |
Pre-Windows 2000 Compatible Access |
| 0x2019 | Everyone |
Everyone |
| 0x201A | Remote Desktop Users |
Remote Desktop Users |
| 0x201C | Anonymous Logon |
Anonymous Logon |
| 0x201D | Network Configuration Operators |
Network Configuration Operators |
| 0x201E | Incoming Forest Trust Builders |
Incoming Forest Trust Builders |
| 0x201F | Performance Monitor Users |
Performance Monitor Users |
| 0x2020 | Performance Log Users |
Performance Log Users |
| 0x2021 | Windows Authorization Access Group |
Windows Authorization Access Group |
| 0x2022 | Network Service |
Network Service |
| 0x2023 | Enterprise Domain Controllers |
Enterprise Domain Controllers |
| 0x2024 | Terminal Server License Servers |
Terminal Server License Servers |
| 0x2025 | Trusted Installers |
Trusted Installers |
| 0x2026 | Distributed COM Users |
Distributed COM Users |
| 0x2027 | IIS_IUSRS |
IIS_IUSRS |
| 0x202A | Cryptographic Operators |
Cryptographic Operators |
| 0x202B | INTERNET USER |
INTERNET USER |
| 0x202D | Allowed RODC Password Replication Group |
Allowed RODC Password Replication Group |
| 0x202E | Denied RODC Password Replication Group |
Denied RODC Password Replication Group |
| 0x202F | Read-only Domain Controllers |
Read-only Domain Controllers |
| 0x2030 | Enterprise Read-only Domain Controllers |
Enterprise Read-only Domain Controllers |
| 0x2031 | Event Log Readers |
Event Log Readers |
| 0x2032 | Certificate Service DCOM Access |
Certificate Service DCOM Access |
| 0x2033 | RDS Remote Access Servers |
RDS Remote Access Servers |
| 0x2034 | RDS Endpoint Servers |
RDS Endpoint Servers |
| 0x2035 | RDS Management Servers |
RDS Management Servers |
| 0x2036 | Hyper-V Administrators |
Hyper-V Administrators |
| 0x2037 | Cloneable Domain Controllers |
Cloneable Domain Controllers |
| 0x2038 | Access Control Assistance Operators |
Access Control Assistance Operators |
| 0x2039 | Remote Management Users |
Remote Management Users |
| 0x203A | DefaultAccount |
DefaultAccount |
| 0x203B | System Managed Accounts Group |
System Managed Accounts Group |
| 0x2100 | 管理计算机(域)的内置帐户 |
Built-in account for administering the computer/domain |
| 0x2101 | 供来宾访问计算机或访问域的内置帐户 |
Built-in account for guest access to the computer/domain |
| 0x2102 | 指定的域管理员 |
Designated administrators of the domain |
| 0x2103 | 所有域用户 |
All domain users |
| 0x2104 | 一般用户 |
Ordinary users |
| 0x2105 | 管理员对计算机/域有不受限制的完全访问权 |
Administrators have complete and unrestricted access to the computer/domain |
| 0x2106 | 成员可以管理域服务器 |
Members can administer domain servers |
| 0x2107 | 包括高级用户以向下兼容,高级用户拥有有限的管理权限 |
Power Users are included for backwards compatibility and possess limited administrative powers |
| 0x2108 | 防止用户进行有意或无意的系统范围的更改,但是可以运行大部分应用程序 |
Users are prevented from making accidental or intentional system-wide changes and can run most applications |
| 0x2109 | 按默认值,来宾跟用户组的成员有同等访问权,但来宾帐户的限制更多 |
Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted |
| 0x210A | 成员可以管理域用户和组帐户 |
Members can administer domain user and group accounts |
| 0x210B | 成员可以管理在域控制器上安装的打印机 |
Members can administer printers installed on domain controllers |
| 0x210C | 备份操作员为了备份或还原文件可以替代安全限制 |
Backup Operators can override security restrictions for the sole purpose of backing up or restoring files |
| 0x210D | 支持域中的文件复制 |
Supports file replication in a domain |
| 0x210E | 域的所有来宾 |
All domain guests |
| 0x210F | 密钥发行中心服务帐户 |
Key Distribution Center Service Account |
| 0x2110 | 加入到域中的所有工作站和服务器 |
All workstations and servers joined to the domain |
| 0x2111 | 域中所有域控制器 |
All domain controllers in the domain |
| 0x2112 | 架构的指定系统管理员 |
Designated administrators of the schema |
| 0x2113 | 此组的成员被允许发布证书到目录 |
Members of this group are permitted to publish certificates to the directory |
| 0x2114 | 企业的指定系统管理员 |
Designated administrators of the enterprise |
| 0x2115 | 这个组中的服务器可以访问用户的远程访问属性 |
Servers in this group can access remote access properties of users |
| 0x2116 | 这个组中的成员可以修改域的组策略 |
Members in this group can modify group policy for the domain |
| 0x2117 | 允许访问在域中所有用户和组的读取访问反向兼容组。 |
A backward compatibility group which allows read access on all users and groups in the domain |
| 0x2118 | 此组中的成员被授予远程登录的权限 |
Members in this group are granted the right to logon remotely |
| 0x2119 | 管理员对此计算机有完全的和不受限制的访问权限 |
Administrators have complete and unrestricted access to the computer |
| 0x211A | 此组中的成员有部分管理权限来管理网络功能的配置 |
Members in this group can have some administrative privileges to manage configuration of networking features |
| 0x211B | 此组的成员可以创建到此林的传入、单向信任 |
Members of this group can create incoming, one-way trusts to this forest |
| 0x211C | 此组的成员可以从本地和远程访问性能计数器数据 |
Members of this group can access performance counter data locally and remotely |
| 0x211D | 该组中的成员可以计划进行性能计数器日志记录、启用跟踪记录提供程序,以及在本地或通过远程访问此计算机来收集事件跟踪记录 |
Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer |
| 0x211E | 此组的成员可以访问 User 对象上经过计算的 tokenGroupsGlobalAndUniversal 属性 |
Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects |
| 0x211F | 此组的成员可以使用有关许可证颁发的信息更新 Active Directory 中的用户帐户,以进行跟踪和报告 TS 每用户 CAL 使用情况 |
Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage |
| 0x2120 | 已授权此组中的成员安装软件 |
Members in this group are granted the right to install software |
| 0x2121 | 成员允许启动、激活和使用此计算机上的分布式 COM 对象。 |
Members are allowed to launch, activate and use Distributed COM objects on this machine. |
| 0x2122 | Internet 信息服务使用的内置组。 |
Built-in group used by Internet Information Services. |
| 0x2125 | 授权成员执行加密操作。 |
Members are authorized to perform cryptographic operations. |
| 0x2127 | 允许将此组中成员的密码复制到域中的所有只读域控制器 |
Members in this group can have their passwords replicated to all read-only domain controllers in the domain |
| 0x2128 | 不允许将此组中成员的密码复制到域中的所有只读域控制器 |
Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain |
| 0x2129 | 此组中的成员是域中只读域控制器 |
Members of this group are Read-Only Domain Controllers in the domain |
| 0x212A | 此组的成员可以从本地计算机中读取事件日志 |
Members of this group can read event logs from local machine |
| 0x212B | 该组的成员是企业中的只读域控制器 |
Members of this group are Read-Only Domain Controllers in the enterprise |
| 0x212C | 允许该组的成员连接到企业中的证书颁发机构 |
Members of this group are allowed to connect to Certification Authorities in the enterprise |
| 0x212D | 此组中的服务器使 RemoteApp 程序和个人虚拟桌面用户能够访问这些资源。在面向 Internet 的部署中,这些服务器通常部署在边缘网络中。需要将此组填充到运行 RD 连接代理的服务器上。在部署中使用的 RD 网关服务器和 RD Web 访问服务器需要位于此组中。 |
Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group. |
| 0x212F | 此组中的服务器运行虚拟机和主机会话,用户 RemoteApp 程序和个人虚拟桌面将在这些虚拟机和会话中运行。需要将此组填充到运行 RD 连接代理的服务器上。在部署中使用的 RD 会话主机服务器和 RD 虚拟化主机服务器需要位于此组中。 |
Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group. |
| 0x2130 | 此组中的服务器可以在运行远程桌面服务的服务器上执行例程管理操作。需要将此组填充到远程桌面服务部署中的所有服务器上。必须将运行 RDS 中心管理服务的服务器包括到此组中。 |
Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group. |
| 0x2131 | 此组的成员拥有对 Hyper-V 所有功能的完全且不受限制的访问权限。 |
Members of this group have complete and unrestricted access to all features of Hyper-V. |
| 0x2132 | 可以克隆此组中作为域控制器的成员。 |
Members of this group that are domain controllers may be cloned. |
| 0x2133 | 此组的成员可以远程查询此计算机上资源的授权属性和权限。 |
Members of this group can remotely query authorization attributes and permissions for resources on this computer. |
| 0x2134 | 此组的成员可以通过管理协议(例如,通过 Windows 远程管理服务实现的 WS-Management)访问 WMI 资源。这仅适用于授予用户访问权限的 WMI 命名空间。 |
Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. |
| 0x2135 | Protected Users |
Protected Users |
| 0x2136 | 此组的成员将受到针对身份验证安全威胁的额外保护。有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=298939。 |
Members of this group are afforded additional protections against authentication security threats. See http://go.microsoft.com/fwlink/?LinkId=298939 for more information. |
| 0x2137 | 系统管理的用户帐户。 |
A user account managed by the system. |
| 0x2138 | 此组的成员由系统管理。 |
Members of this group are managed by the system. |
| 0x2139 | Storage Replica Administrators |
Storage Replica Administrators |
| 0x213A | 此组的成员具有存储副本所有功能的不受限的完全访问权限。 |
Members of this group have complete and unrestricted access to all features of Storage Replica. |
| 0x213B | Key Admins |
Key Admins |
| 0x213C | 此组的成员可以对域中的密钥对象执行管理操作。 |
Members of this group can perform administrative actions on key objects within the domain. |
| 0x213D | Enterprise Key Admins |
Enterprise Key Admins |
| 0x213E | 此组的成员可以对林中的密钥对象执行管理操作。 |
Members of this group can perform administrative actions on key objects within the forest. |
| 0x00003000 | SAM 无法更改数据库。很可能是因为内存或磁盘空间不足。SAM 数据库会被还原为先前状态。最近的更改都会丢失。请检查可用磁盘空间和页面文件大小设置的最大值。 |
SAM failed to write changes to the database. This is most likely due to a memory or disk-space shortage. The SAM database will be restored to an earlier state. Recent changes will be lost. Check the disk-space available and maximum pagefile size setting. |
| 0x00003001 | SAM 无法将数据库还原为先前状态。SAM 已经关闭。你必须重新启动计算机,才能重新启用 SAM。 |
SAM failed to restore the database to an earlier state. SAM has shutdown. You must reboot the machine to re-enable SAM. |
| 0x00003003 | SAM 启动 TCP/IP 或 SPX/IPX 侦听线程失败。 |
SAM failed to start the TCP/IP or SPX/IPX listening thread |
| 0x00003005 | 在 SAM 数据库中有两个以上的对象有同样的 SID 属性。该帐户的可分辨名称为 %1。已删除了所有 重复帐户。要找其他重复,请检查事件日志。 |
There are two or more objects that have the same SID attribute in the SAM database. The Distinguished Name of the account is %1. All duplicate accounts have been deleted. Check the event log for additional duplicates. |
| 0x00003006 | 由于资源错误,如硬盘写失败(该特定错误代码在错误数据中),SAM 数据库无法锁定 %1 的帐户。密码输入次数达到一定值时,帐户及会被锁定,请考虑重置上述帐户的密码。 |
The SAM database was unable to lockout the account of %1 due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above. |
| 0x00003007 | 由于不再使用其中包含的帐户信息,SAM 数据库试图删除文件 %1。错误在记录数据中。请让管理员删除这个文件。 |
The SAM database attempted to delete the file %1 as it contains account information that is no longer used. The error is in the record data. Please have an administrator delete this file. |
| 0x00003008 | SAM 数据库试图清除目录 %1 以便删除目录服务以前用于过的文件。错误在记录数据中。请让管理员删除这些文件。 |
The SAM database attempted to clear the directory %1 in order to remove files that were once used by the Directory Service. The error is in record data. Please have an admin delete these files. |
| 0x00003009 | %1 现在是域的主要域控制器。 |
%1 is now the primary domain controller for the domain. |
| 0x0000300A | 无法将帐户 %1 转换为域控制器帐户,原因是其在目录中的对象类别属性不是计算机或不是从计算机派生的。如果这是由于在 Windows 2000 或更新版本的域中尝试安装一个 Windows 2000 之前版本的域控制器所导致,那么你应该预先针对域控制器创建具有正确对象类别的帐户。 |
The account %1 cannot be converted to be a domain controller account as its object class attribute in the directory is not computer or is not derived from computer. If this is caused by an attempt to install a pre Windows 2000 domain controller in a Windows 2000 domain or later, then you should pre-create the account for the domain controller with the correct object class. |
| 0x0000300B | 检查组缓存是否在安全帐户管理器中启用的尝试失败,很可能是因为资源不足所引起。此任务被重新计划为在一分钟内运行。 |
The attempt to check whether group caching has been enabled in the Security Accounts Manager has failed, most likely due to lack of resources. This task has been rescheduled to run in one minute. |
| 0x0000300C | 在安全帐户管理器中的组缓存选项现在被正确升级。组缓存被启用。 |
The group caching option in the Security Accounts Manager has now been properly updated. Group caching is enabled. |
| 0x0000300D | 在安全帐户管理器中的组缓存选项现在被正确升级。组缓存被禁用。 |
The group caching option in the Security Accounts Manager has now been properly updated. Group caching is disabled. |
| 0x0000300E | %1 包为用户 %2 更新额外的凭证失败。错误代码在事件日志消息的数据中。 |
The %1 package failed to update additional credentials for user %2. The error code is in the data of the event log message. |
| 0x0000300F | 有两个或两个以上的知名对象在 SAM 数据库中有相同的 SID 属性。重复帐户的可分辨名称为 %1。将保留新的帐户,所有旧的重复帐户都已经被删除。请检查事件日志以了解是否还有其他重复的。 |
There are two or more well known objects that have the same SID attribute in the SAM database. The Distinguished Name of the duplicate account is %1. The newest account will be kept, all older duplicate accounts have been deleted. Check the event log for additional duplicates. |
| 0x00003010 | 在 SAM 数据库中有两个以上的对象具有相同的帐户名属性。系统已经自动将对象 %1 重命名为系统指定的帐户名 %2。 |
There are two or more objects that have the same account name attribute in the SAM database. The system has automatically renamed object %1 to a system assigned account name %2. |
| 0x00003011 | 创建此域的新默认帐户时出错。这可能是由于暂时的错误状态所致。此任务将周期性重试,直到成功为止;如果问题持续存在,将在一星期内再次记录此消息。 |
An error occurred while creating new default accounts for this domain. This maybe due to a transient error condition. The task will retry periodically until success and will log this message again in a week if the problem persists. |
| 0x00004000 | 由于有另一个帐户具有相同名称,帐户 %1 未能被升级。 |
The account %1 could not be upgraded since there is an account with an equivalent name. |
| 0x00004001 | 升级用户 %1 时出现了一个错误。需要在重新启动时手动添加该帐户。 |
An error occurred upgrading user %1. This account will have to be added manually upon reboot. |
| 0x00004002 | 从旧的数据库读取用户对象时发生错误。 |
An error occurred trying to read a user object from the old database. |
| 0x00004003 | 升级别名 %1 时出现了一个错误。需要在重新启动时手动添加该帐户。 |
An error occurred upgrading alias %1. This account will have to be added manually upon reboot. |
| 0x00004004 | 试着从旧的数据库读取别名对象时出错。 |
An error occurred trying to read an alias object from the old database. |
| 0x00004005 | 升级组 %1 时出现了一个错误。需要在重新启动时手动添加该帐户。 |
An error occurred upgrading group %1. This account will have to be added manually upon reboot. |
| 0x00004006 | 试着从旧的数据库读取组对象时出错。 |
An error occurred trying to read a group object from the old database. |
| 0x00004007 | 试着将帐户 %1 添加为别名 %2 时出错。你必须在重新启动时手动添加这个帐户。 |
An error occurred trying to add account %1 to alias %2. This account will have to be added manually upon reboot. |
| 0x00004008 | 无法将含 sid %1 的帐户添加到组 %2。 |
The account with the sid %1 could not be added to group %2. |
| 0x00004009 | 试图将用户 %1 添加到组 %2 时出现了一个错误。需要在重新启动时手动添加该帐户。 |
An error occurred trying to add account %1 to group %2. This account will have to be added manually upon reboot. |
| 0x0000400A | 无法将含 rid %1 的帐户添加到组 %2。 |
The account with the rid %1 could not be added to group %2. |
| 0x0000400B | 试图将 SAM 帐户数据库传送到目录服务时,出现了一个严重错误。可能是因为 SAM 帐户数据库已损坏。 |
A fatal error occurred trying to transfer the SAM account database into the directory service. A possible reason is the SAM account database is corrupt. |
| 0x0000400C | 帐户 krbtgt 被重新命名为 %1,以允许安装 Kerberos 安全包。 |
The account krbtgt was renamed to %1 to allow the Kerberos security package to install. |
| 0x0000400E | 升级 SAM 用户的 User_Parameters 属性时,出现了一个错误。以下通知包 DLL 可能是导致错误的因素: %1。请检查 NT 错误代码的该事件记录数据。 |
An error occurred trying to upgrade a SAM user's User_Parameters attribute. The following Notification Package DLL might be the possible offender: %1. Check the record data of this event for the NT error code. |
| 0x0000400F | 为该用户设置 User Parameters 属性时,出现了一个错误。该操作没有成功。请检查 NT 错误代码的该事件记录数据。 |
An error occured trying to set User Parameters attribute for this user This operation is failed. Check the record data of this event for the NT error code. |
| 0x00004010 | 尝试升级以下 SAM 用户对象 - %1 时出现了错误。我们将继续升级该用户。但其可能包含不一致的数据。请检查该事件的记录数据以了解 NT 错误代码。 |
An error occured trying to upgrade the following SAM User Object - %1. We will try to continue upgrading this user. But it might contain inconsistent data. Check the record data of this event for the NT error code. |
| 0x00004011 | 将帐户 %1 添加到组 %2 时,出现了一个错误。打开组时,出现了问题 \"%3\"。请手动添加帐号。 |
An error occurred when trying to add the account %1 to the group %2. The problem, \"%3\", occurred when trying to open the group. Please add the account manually. |
| 0x00004012 | 将帐户 %1 添加到组 %2 时,出现了一个错误。将帐户添加到组时,出现了问题 \"%3\"。请手动添加帐号。 |
An error occurred when trying to add the account %1 to the group %2. The problem, \"%3\", occurred when trying to add the account to the group. Please add the account manually. |
| 0x00004013 | 创建已知帐户 %1 时,出现了错误 \"%2\"。请与 PSS 联系,进行恢复操作。 |
The error \"%2\" occurred when trying to create the well known account %1. Please contact PSS to recover. |
| 0x00004015 | 安装目录服务期间,这个服务器的机器帐户被删除,因此该域控制器无法启动。 |
During the installation of the Directory Service, this server's machine account was deleted hence preventing this Domain Controller from starting up. |
| 0x00004016 | 安全帐户数据库检测到众所周知的帐户 %1 不存在。帐户被重新创建。请为此帐户重置密码。 |
The Security Account Database detected that the well known account %1 does not exist. The account has been recreated. Please reset the password for the account. |
| 0x00004017 | 安全帐户数据库检测到已知组或本地组 %1 不存在。已重新创建该组。 |
The Security Account Database detected that the well known group or local group %1 does not exist. The group has been recreated. |
| 0x00004018 | 域操作模式被更改为纯模式。此更改不可逆。 |
Domain operation mode has been changed to Native Mode. The change cannot be reversed. |
| 0x00004019 | Active Directory 域服务未能将安全主体添加到已知的安全主体容器。如果需要,请让管理员添加此安全主体。安全主体名称: %1 |
Active Directory Domain Services failed to add a security principal to well known security principals container. Please have an administrator add this security principal if needed. Security principal name: %1 |
| 0x0000401A | Active Directory 域服务未能将所有新安全主体添加到已知的安全主体容器。如果需要,请让管理员添加这些安全主体。 |
Active Directory Domain Services failed to add all of the new security principals to well known security principals container. Please have an administrator add these security principals if needed. |
| 0x0000401B | Active Directory 域服务无法重命名已知安全原则容器中的安全原则。如果需要,请管理员重新命名此安全原则。安全原则名称: %1 |
Active Directory Domain Services failed to rename a security principal in well known security principals container. Please have an administrator rename this security principal if needed. Security principal name: %1 |
| 0x0000401C | Active Directory 域服务无法重新命名已知安全原则容器中的某些安全原则。如果需要,请管理员重新命名这些安全原则。 |
Active Directory Domain Services failed to rename some of the security principals in well known security principals container. Please have an administrator rename these security principals if needed. |
| 0x0000401D | 尝试从组 %2 中删除帐户 %1 时出现错误。尝试从该组中删除此帐户时出现问题“%3”。请手动删除该成员。 |
An error occurred when trying to remove the account %1 from the group %2. The problem, \"%3\", occurred when trying to remove the account from the group. Please remove the member manually. |
| 0x00004102 | 帐户标识符分配器未能指派新的标识号。该域控制器的标识符池可能已被用完。如果该问题继续存在,重新启动域控制器,在事件日志中查看分配器的初始化状态。 |
The account-identifier allocator was unable to assign a new identifier. The identifier pool for this domain controller may have been depleted. If this problem persists, restart the domain controller and view the initialization status of the allocator in the event log. |
| 0x00004103 | 初始帐户标识符池尚未分配给该域控制器。这可能是因为域控制器未能与主域控制器取得联系,也许是由于连接或网络问题。在取得池之前,在该域控制器上所作的帐户创建都会失败。 |
An initial account-identifier pool has not yet been allocated to this domain controller. A possible reason for this is that the domain controller has been unable to contact the master domain controller, possibly due to connectivity or network problems. Account creation will fail on this domain controller until the pool is obtained. |
| 0x00004104 | 已达到域帐户标识符数值的最大值。不能再给该域中的域控制器分配帐户标识符池了。 |
The maximum domain account identifier value has been reached. No further account-identifier pools can be allocated to domain controllers in this domain. |
| 0x00004105 | 给该域控制器已分配了最大值的帐户标识符。域控制器未能获取一个新的标识符池。这可能是因为域控制器未能与主域控制器取得联系。在分配一个新的池之前,在该控制器上所作的帐户创建都会失败。在域中可能有网络或连接问题,或者主域控制器处于脱机状态或不在域中。请确认主域控制器在运行并与域连接。 |
The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain. |
| 0x00004106 | 计算帐户标识符无效,因为它在属于该域控制器的目前帐户标识符池的范围之外。此计算机的 RID 值为 %1。请将这个域控制器所有的帐户标识符池设为无效的。这将使域控制器重新获得新的帐户标识符池。 |
The computed account identifier is invalid because it is out of the range of the current account-identifier pool belonging to this domain controller. The computed RID value is %1. Try invalidating the account identifier pool owned by this domain controller. This will make the domain controller acquire a fresh account identifier pool. |
| 0x00004107 | 域控制器正在开始请求一个新的帐户标识符池。 |
The domain controller is starting a request for a new account-identifier pool. |
| 0x00004108 | 新的帐户标识符池的请求操作已成功结束。 |
The request for a new account-identifier pool has completed successfully. |
| 0x00004109 | 帐户标识符管理器对象创建已完成。如果该事件的纪录数据是零,管理器对象已被创建。否则,记录数据将含有表示失败的 NT 错误代码。未能创建对象的原因可能是系统资源不够,内存或磁盘空间不足。 |
The account-identifier-manager object creation completed. If the record data for this event has the value zero, the manager object was created. Otherwise, the record data will contain the NT error code indicating the failure. The failure to create the object may be due to low system resources, insufficient memory, or disk space. |
| 0x0000410B | 请求新帐户标识符池失败。操作会重试,直到成功请求。错误是 %n \" %1 \" |
The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is %n \" %1 \" |
| 0x0000410C | 域控制器正在启动到目录服务还原模式。 |
The domain controller is booting to directory services restore mode. |
| 0x0000410D | 管理员配置的帐户标识符(RID)池大小大于支持的最大值。当域控制器是 RID 主机时,将使用最大值 %1。%n有关详细信息,请访问 http://go.microsoft.com/fwlink/?LinkId=225963。 |
A pool size for account-identifiers (RIDs) that was configured by an Administrator is greater than the supported maximum. The maximum value of %1 will be used when the domain controller is the RID master. %nSee http://go.microsoft.com/fwlink/?LinkId=225963 for more information. |
| 0x0000410E | 帐户标识符(RID)池已失效。在以下预期情况下,可能会出现该问题:%n1。通过备份还原域控制器。%n2。通过快照还原在虚拟机上运行的域控制器。%n3。管理员已手动使池失效。%n有关详细信息,请访问 http://go.microsoft.com/fwlink/?LinkId=226247。 |
A pool of account-identifiers (RIDs) has been invalidated. This may occur in the following expected cases:%n1. A domain controller is restored from backup. %n2. A domain controller running on a virtual machine is restored from snapshot. %n3. An administrator has manually invalidated the pool. %nSee http://go.microsoft.com/fwlink/?LinkId=226247 for more information. |
| 0x0000410F | 帐户标识符(RID)的全局最大值已提高到 %1。%n 有关详细信息(包括重要的操作系统互操作性要求),请参阅 http://go.microsoft.com/fwlink/?LinkId=233329。 |
The global maximum for account-identifiers (RIDs) has been increased to %1. %n See http://go.microsoft.com/fwlink/?LinkId=233329 for more information including important operating system interoperability requirements. |
| 0x00004110 | 需要进行操作! 已将帐户标识符(RID)池分配给此域控制器。池值指示此域已使用大部分的总可用帐户标识符。%n%n在域达到总可用帐户标识符的以下阈值时,将激活保护机制,剩余: %1。该保护机制会阻止分配允许现有 DC 完成以下操作所需的帐户标识符(RID)池: 创建更多用户、计算机和组,或将新的 DC 提升到域中。在管理员在 RID 主域控制器上手动重新允许分配帐户标识符之前,该机制将保持活动状态。%n%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=228610。 |
Action required! An account-identifier (RID) pool was allocated to this domain controller. The pool value indicates this domain has consumed a considerable portion of the total available account-identifiers. %n%nA protection mechanism will be activated when the domain reaches the following threshold of total available account-identifiers remaining: %1. The protection mechanism prevents the allocation of account-identifier (RID) pools needed to allow existing DCs to create additional users, computers and groups, or promote new DCs into the domain. The mechanism will remain active until the Administrator manually re-enables account-identifier allocation on the RID master domain controller. %n%nSee http://go.microsoft.com/fwlink/?LinkId=228610 for more information. |
| 0x00004111 | 需要进行操作! 此域已使用大部分的总可用帐户标识符(RID)。由于总可用帐户标识符剩余大约 %1,因此,已激活保护机制。%n%n该保护机制会阻止分配允许现有 DC 完成以下操作所需的帐户标识符(RID)池: 创建更多用户、计算机和组,或将新的 DC 提升到域中。在管理员在 RID 主域控制器上手动重新允许分配帐户标识符(RID)之前,该机制将保持活动状态。%n%n在重新允许创建帐户之前进行一些诊断是极为重要的,这样可确保此域的帐户标识符使用率不会过高。在重新允许创建帐户之前,应解决发现的所有问题。%n%n如果未能诊断并解决导致帐户标识符使用率过高的任何潜在问题,则可能会导致耗尽此域中的帐户标识符(RID)池,以后将永久性禁止在此域中创建帐户。%n%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=228610。 |
Action required! This domain has consumed a considerable portion of the total available account-identifiers (RIDs). A protection mechanism has been activated because the total available account-identifiers remaining is approximately: %1. %n%nThe protection mechanism prevents the allocation of account-identifier (RID) pools needed to allow existing DCs to create additional users, computers and groups, or promote new DCs into the domain. The mechanism will remain active until the Administrator manually re-enables account-identifier (RID) allocation on the RID master domain controller. %n%nIt is extremely important that certain diagnostics be performed prior to re-enabling account creation to ensure this domain is not consuming account-identifiers at an abnormally high rate. Any issues identified should be resolved prior to re-enabling account creation. %n%nFailure to diagnose and fix any underlying issue causing an abnormally high rate of account-identifier consumption can lead to account-identifier (RID) pool exhaustion in the domain after which account creation will be permanently disabled in this domain. %n%nSee http://go.microsoft.com/fwlink/?LinkId=228610 for more information. |
| 0x00004112 | 此事件是对总剩余可用帐户标识符(RID)数量的定期更新。剩余帐户标识符数量大约为: %1。%n%n帐户标识符用于创建帐户;在使用完帐户标识符后,将无法在域中创建新帐户。%n%n有关详细信息,请访问 http://go.microsoft.com/fwlink/?LinkId=228745。 |
This event is a periodic update on the remaining total quantity of available account-identifiers (RIDs). The number of remaining account-identifiers is approximately: %1. %n%nAccount-identifiers are used as accounts are created, when they are exhausted no new accounts may be created in the domain. %n%nSee http://go.microsoft.com/fwlink/?LinkId=228745 for more information. |
| 0x00004200 | 启用的安全本地组更改成启用的安全通用组。 |
Security Enabled Local Group Changed to Security Enabled Universal Group. |
| 0x00004201 | 启用的安全本地组更改成禁用的安全本地组。 |
Security Enabled Local Group Changed to Security Disabled Local Group. |
| 0x00004202 | 启用安全的本地组更改成禁用安全的通用组。 |
Security Enabled Local Group Changed to Security Disabled Universal Group. |
| 0x00004203 | 启用安全的全局组更改成启用安全的通用组。 |
Security Enabled Global Group Changed to Security Enabled Universal Group. |
| 0x00004204 | 启用安全的全局组更改成禁用安全的全局组。 |
Security Enabled Global Group Changed to Security Disabled Global Group. |
| 0x00004205 | 启用安全的全局组更改成禁用安全的通用组。 |
Security Enabled Global Group Changed to Security Disabled Universal Group. |
| 0x00004206 | 启用安全的通用组更改成启用安全的本地组。 |
Security Enabled Universal Group Changed to Security Enabled Local Group. |
| 0x00004207 | 启用安全的通用组更改成启用安全的全局组。 |
Security Enabled Universal Group Changed to Security Enabled Global Group. |
| 0x00004208 | 启用安全的通用组更改成禁用安全的本地组。 |
Security Enabled Universal Group Changed to Security Disabled Local Group. |
| 0x00004209 | 已从启用安全的通用组更改为禁用安全的全局组。 |
Security Enabled Universal Group Changed to Security Disabled Global Group. |
| 0x0000420A | 启用安全的通用组更改成禁用安全的通用组。 |
Security Enabled Universal Group Changed to Security Disabled Universal Group. |
| 0x0000420B | 禁用安全的本地组更改成启用安全的本地组。 |
Security Disabled Local Group Changed to Security Enabled Local Group. |
| 0x0000420C | 禁用安全的本地组更改成启用安全的通用组。 |
Security Disabled Local Group Changed to Security Enabled Universal Group. |
| 0x0000420D | 禁用安全的本地组更改成禁用安全的通用组。 |
Security Disabled Local Group Changed to Security Disabled Universal Group. |
| 0x0000420E | 禁用安全的全局组更改成启用安全的全局组。 |
Security Disabled Global Group Changed to Security Enabled Global Group. |
| 0x0000420F | 禁用安全的全局组更改成启用安全的通用组。 |
Security Disabled Global Group Changed to Security Enabled Universal Group. |
| 0x00004210 | 禁用安全的全局组更改成禁用安全的通用组。 |
Security Disabled Global Group Changed to Security Disabled Universal Group. |
| 0x00004211 | 禁用安全的通用组更改成启用安全的通用组。 |
Security Disabled Universal Group Changed to Security Enabled Universal Group. |
| 0x00004212 | 禁用安全的通用组更改成启用安全的全局组。 |
Security Disabled Universal Group Changed to Security Enabled Global Group. |
| 0x00004214 | 禁用安全的通用组更改成禁用安全的本地组。 |
Security Disabled Universal Group Changed to Security Disabled Local Group. |
| 0x00004215 | 禁用安全的通用组更改成禁用安全的全局组。 |
Security Disabled Universal Group Changed to Security Disabled Global Group. |
| 0x00004216 | 成员帐户名无效。 |
Member Account Name Is Not Available. |
| 0x00004217 | 已启用帐户。 |
Account Enabled. |
| 0x00004218 | 已禁用帐户。 |
Account Disabled. |
| 0x00004219 | 在用户帐户控制字段中的一些位被更改。 |
Certain Bit(s) in User Account Control Field Has Been Changed. |
| 0x0000421B | 已更改帐户名。 |
Account Name Changed. |
| 0x0000421C | 密码策略 |
Password Policy |
| 0x0000421D | 注销策略 |
Logoff Policy |
| 0x0000421E | Oem 信息 |
Oem Information |
| 0x0000421F | 复制信息 |
Replication Information |
| 0x00004220 | 域服务器角色 |
Domain Server Role |
| 0x00004221 | 域服务器状态 |
Domain Server State |
| 0x00004222 | 锁定策略 |
Lockout Policy |
| 0x00004223 | 修改计数 |
Modified Count |
| 0x00004224 | 域模式 |
Domain Mode |
| 0x00004225 | 基本应用程序组更改到 LDAP 查询应用程序组。 |
Basic Application Group Changed to Ldap Query Application Group. |
| 0x00004226 | LDAP 查询应用程序组更改到基本应用程序组。 |
Ldap Query Application Group Changed to Basic Application Group. |
| 0x00004227 | 未能保证计算机帐户 %1 安全。请让管理员从此对象上的安全描述符删除 builtin\\account operators 完全控制访问控制项。 |
Failed to secure the machine account %1. Have an administrator remove the builtin\\account operators full control Access Control Entry from the security descriptor on this object. |
| 0x00004228 | 未能保证计算机帐户 %1 安全。此操作稍候将重试。请让管理员验证 builtin\\account operators 完全控制访问控制项已经从此对象上的安全描述符删除。 |
Failed to secure the machine account %1. This operation will be retried. Have an administrator verify the builtin\\account operators full control Access Control Entry was removed from the security descriptor on this object. |
| 0x00004229 | 保证了计算机帐户 %1 的安全。builtin\\account operators 完全控制访问控制项已经从此对象上的安全描述符删除。 |
Secured the machine account %1. The builtin\\account operators full control Access Control Entry was removed from the security descriptor on this object. |
| 0x00004230 | 在 Active Directory 数据库中,用于身份验证的证书没有与 OID %1 相对应的颁发策略描述符。该证书将与相对应的安全标识符(SID)没有关联,并且如果拥有根据此颁发策略访问权限受限制的资源,则可能会拒绝用户访问某些资源。错误为 %2。 |
The certificate that is used for authentication does not have an issuance policy descriptor corresponding to OID %1 in the Active Directory database. This certificate will not be associated with a corresponding security identifier (SID), and the user may be denied access to some resources if you have resources whose access is restricted based on this issuance policy. The error is %2. |
| 0x00004231 | OID %2 表示的证书颁发策略没有与安全标识符(SID)的链接,或者该链接无法读取。该链接由代表颁发策略的 msPKI-Enterprise-Oid 对象上的属性 msDS-OIDToGroupLink 表示。该证书将与相对应的 SID 没有关联,并且如果拥有根据此颁发策略访问权限受限制的资源,则可能会拒绝用户访问某些资源。 |
The certificate issuance policy that is represented by OID %2 does not have a link to a security identifier (SID), or this link cannot be read. The link is represented by the attribute msDS-OIDToGroupLink on the msPKI-Enterprise-Oid object that represents the issuance policy. This certificate will not be associated with a corresponding SID, and the user may be denied access to some resources if you have resources whose access is restricted based on this issuance policy. |
| 0x00004232 | 在 Active Directory 数据库中找到多个证书颁发策略描述符。这些描述符的属性 msPKI-Cert-Template-OID 包含字符串 %1。该属性应该能够唯一标识颁发策略描述符;你应该解决此冲突。受影响的颁发策略将与安全标识符(SID)没有关联,并且可能会拒绝使用由相对应的策略颁发的证书进行身份验证的用户访问某些资源。 |
Multiple certificate issuance policy descriptors were found in the Active Directory database. The attribute msPKI-Cert-Template-OID of these descriptors contains string %1. This attribute should be able to uniquely identify an issuance policy descriptor; you should resolve this conflict. The issuance policies that are affected will not be associated with security identifiers (SIDs), and users who are authenticating using certificates that are issued by the corresponding policy may be denied access to some resources. |
| 0x00004233 | 证书颁发策略描述符 %2 通过其属性 msDS-OIDToGroupLink 链接到不是安全组、具有成员或不是通用组的某个组。错误为 %6。%n颁发策略应该链接到启用安全、没有成员或是通用组的某个组的安全标识符(SID)。可能会拒绝使用根据此策略颁发的证书进行身份验证的用户访问某些资源。不符合这些要求的组的可分辨名称(也称为 DN)为 %3。 |
The certificate issuance policy descriptor %2 is linked through its attribute msDS-OIDToGroupLink to a group that is not a security group, has members, or is not universal. The error is %6.%nAn issuance policy should be linked to a security identifier (SID) of a group that is security enabled, does not have members, and is universal. Users who are authenticating using certificates that are issued according to this policy may be denied access to some resources. The distinguished name (also known as DN) of the group that does not meet these requirements is %3. |
| 0x00004234 | 无法执行请求的对组 %1 的修改。这是因为该组通过 msDS-OIDToGroupLinkBl 链接到某个证书颁发策略描述符。此类组应该启用安全,它们不应该具有任何成员,并且应该是通用组。%n请求的操作为 %4。%n错误为 %5。 |
The requested modification for group %1 could not be performed. This is because this group is linked through msDS-OIDToGroupLinkBl to a certificate issuance policy descriptor. Such groups should be security enabled, they should not have any members, and they should be universal.%nThe requested operation was %4.%nThe error is %5. |
| 0x00004235 | 证书颁发策略描述符 %1 无法链接到组 %2。只能通过属性 msDS-OIDToGroupLink 将颁发策略链接到成员为空、启用安全的通用组。你应该确保该组符合这些要求。%n错误为 %5。 |
The certificate issuance policy descriptor %1 cannot be linked to group %2. Issuance policies can be linked through the attribute msDS-OIDToGroupLink only to universal, security-enabled groups that have an empty membership. You should ensure that this group meets these requirements.%nThe error is %5. |
| 0x00004236 | 已丢弃发给用户 %1 的以下无效声明: %2。 |
The following invalid claims issued to user %1 have been dropped: %2. |
| 0x00004237 | 无法验证发给用户 %1 的声明,已丢弃这些声明。错误: %2。 |
Claims issued to user %1 could not be validated and have been dropped. Error: %2. |
| 0x00004239 | 密码通知 DLL %1 无法加载,错误 %4。请验证注册表中定义的通知 DLL 路径 %2%3 引用的是正确的绝对路径(:\\\\.),而不是相对路径或无效路径。如果 DLL 路径正确,请验证相同目录下存在所有支持文件,并且系统帐户对 DLL 路径和所有支持文件具有读取权限。请联系通知 DLL 的提供商以获取其他支持。更多详细信息可在以下网站中找到,网址为 http://go.microsoft.com/fwlink/?LinkId=245898。 |
The password notification DLL %1 failed to load with error %4. Please verify that the notification DLL path defined in the registry, %2%3, refers to a correct and absolute path (:\\\\.) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898. |
| 0x00004240 | SAM 配置为不侦听 TCP 协议。 |
SAM was configured to not listen on the TCP protocol. |
| 0x00004241 | 已在此计算机上启用旧密码验证模式。如果已配置 Exchange ActiveSync 策略,将不会针对密码验证请求实施该策略。 |
Legacy password validation mode has been enabled on this machine. If an Exchange ActiveSync policy is configured it will not be enforced for password validation requests. |
| 0x00004242 | 对 SAM 数据库进行远程调用时,受到默认安全描述符的限制: %1。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
Remote calls to the SAM database are being restricted using the default security descriptor: %1.%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004243 | 对 SAM 数据库进行远程调用时,受到配置的注册表安全描述符的限制: %1。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
Remote calls to the SAM database are being restricted using the configured registry security descriptor: %1.%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004244 | 注册表安全描述符的格式错误: %1。%n对 SAM 数据库进行远程调用时,受到默认安全描述符的限制: %2。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
The registry security descriptor is malformed: %1.%nRemote calls to the SAM database are being restricted using the default security descriptor: %2.%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004245 | 对 SAM 数据库的远程调用已被拒绝。%n客户端 SID: %1%n网络地址: %2%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
A remote call to the SAM database has been denied.%nClient SID: %1%nNetwork address: %2%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004246 | 现在已对 SAM 数据库的远程调用启用仅审核模式。SAM 将记录在正常模式下会被拒绝访问的客户端的事件。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
Audit only mode is now enabled for remote calls to the SAM database. SAM will log an event for clients who would have been denied access in normal mode. %nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004247 | 现在已对 SAM 数据库的远程调用禁用仅审核模式。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
Audit only mode is now disabled for remote calls to the SAM database.%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004248 | 当前已对 SAM 数据库的远程调用启用仅审核模式。%n以下客户端通常会被拒绝访问:%n客户端 SID: %1,来自网络地址: %2。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
Audit only mode is currently enabled for remote calls to the SAM database.%nThe following client would have been normally denied access:%nClient SID: %1 from network address: %2. %nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004249 | 在过去 %1 秒的限制时段内已拒绝对 SAM 数据库的远程调用 %2 次。%n有关详细信息,请参阅 http://go.microsoft.com/fwlink/?LinkId=787651。 |
%2 remote calls to the SAM database have been denied in the past %1 seconds throttling window.%nFor more information please see http://go.microsoft.com/fwlink/?LinkId=787651. |
| 0x00004250 | 配置此域的一个或多个知名帐户时出错。这可能是由于暂时的错误状态所致。任务将定期重试,直到成功。有关详细信息,请参阅 https://go.microsoft.com/fwlink/?linkid=832473。%n状态: %1 |
An error occurred while configuring one or more well-known accounts for this domain. This may be due to a transient error condition. The task will retry periodically until successful. For more information please see https://go.microsoft.com/fwlink/?linkid=832473.%nStatus: %1 |
| 0x50000002 | 错误 |
Error |
| 0x50000003 | 警告 |
Warning |
| 0x50000004 | 信息 |
Information |
| 0x90000001 | Microsoft-Windows-Directory-Services-SAM |
Microsoft-Windows-Directory-Services-SAM |
| 0x90000002 | System |
System |