Thursday, July 26, 2012

Operation failed. Error code: 0x8007200a

We had a problem with a group policy object which existed in SYSVOL however did not display in Group Policy Management Console.  All group policy objects are located in the Active Directory schema domain partition under:

Domain --> System --> Group policies

You can view these policies using ADSI Edit by connecting to the default domain partition.  The policy that was showing up in SYSVOL was also displaying in ADSIEdit however we could not view any attributes on the object, or the objects class.  When trying to delete the object we got the following error.

Operation failed.  Error code: 0x8007200a
The specified directory service attribute or value does not exist.

This problem occurs when you do not have permissions to view the attributes of the object.  Check that you have ALLOW permissions to read the object or that there are no DENY permissions.  In our case someone had set Enterprise Admin to DENY read, hence the issue.