Dynamic Group not updating. Error 2523 and 2524 (4323050)

Dynamic Groups are updated daily at 3:00am by default.

There are 2 scheduled tasks that run in tandem, which are:

1. Dynamic Group Checker - Evaluates Dynamic Groups and ensures membership is accurate
2. Dynamic Group Updater - Prepares the membership list and updates the Dynamic Groups

During this time you may see event IDs 2523 or 2524 logged in the Active Roles event log if an error occurs in updating the group.

Active Roles Dynamic Group updater is designed to stop if such an error occurs, such as in this example:

ERROR 2523:

Error when updating Dynamic Group.

Failed to update membership list of Dynamic Group.
Details: Administration Service encountered an error when making changes to the object 'CN=group,OU=Group,DC=mydomain,DC=com'. The specified account does not exist. (Exception from HRESULT: 0x80070525).

ERROR 2524:

STATUS

This functionality is by design. 

If Active Roles detects an error when updating the Dynamic Group, it halts the update and the group may end up in an incorrect membership state. The Dynamic Group must be manually rebuilt by opening the group and clicking Rebuild. 

For reference, the membership list of a Dynamic Group is updated in any of these cases:

1. Membership rule has been modified
2. Group type has been changed
3. Membership list exceeds a limit so nested groups have been generated
4. Membership list has been modified by an external tool, such as Active Directory Users and Computers
5. Rebuild of the membership list has been initiated manually, from the Members tab in the Dynamic Group Properties dialog box
6. Given a membership rule based on linked attributes (such as Include Group Members), the forward link attribute (such as Members) has been modified

WORKAROUND

If error 2523 or 2524 occurs, open the Dynamic Group and click the Rebuild button on the Members tab. It is recommended to also review and validate the configured rules.