After you enable the credential roaming feature for a domain, the size of the Ntds.dit file becomes larger on one or more domain controllers that are running Windows Server 2003 or Windows Server 2008.
This problem may cause unexpected errors on the affected domain controllers. Domain administrators must monitor and maintain the Active Directory database to prevent possible errors.
To monitor this problem, you must set the logging level of Internal Processing events to 4 in Active Directory diagnostic event logging.
For more information about how to set the logging level, click the following article number to view the article in the Microsoft Knowledge Base:
314980 How to configure Active Directory diagnostic event logging in Windows Server 2003 and in Windows 2000 Server
If the size of the Ntds.dit file grows abnormally after you set the logging level, the following event is logged in the Directory Service event log:
Event Type: Error Event Source: NTDS General Event Category: Internal Processing Event ID: 1481 Date: <Date> Time: <Time> User: <user name> Computer: <computer name> Description: Internal error: The operation on the object failed. Additional Data Error value: 1 00002083: AtrErr: DSID-0315115A, #1: 0: 00002083: DSID-0315115A, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att 90765 (msPKIDPAPIMasterKeys):len 1072