Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes In Filtered Set access rights for the naming context:

Hi, Dear Folk!

 

I would like to share with you an issue I experienced in my domain controller environment last week: some users and IT guys complained that logging in to the domain was taking a long time.

Honestly, I also experienced a slightly slow login process, but it wasn’t something I really would have noticed without them making me aware of it 🙂

The first step I took was to run some basic Active Directory commands, such as “repadmin”, which showed that everything was OK and there was no replication issue. However, the “dcdiag” command showed me the following error:

Error:

Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:

Microsoft indicated that this issue happens when you have an RODC server that does not have a particular permission to perform replication. In my environment, there isn’t any RODC server.

The solution I found is:

Open “ADSI Edit” and connect to:

DC=ForestDnsZones,DC=Pelegit,DC=co,DC=il

Open Properties on the folder:


In the Security tab, click Advanced:


For the NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS entry, set “Applies to” to “This object and all descendant objects”, tick the Allow checkbox for “Replicating Directory Changes In Filtered Set”, and also select “Apply these permissions to objects and/or containers within this container only”.


After you finish this step, repeat all the steps for “DC=DomainDnsZones,DC=Pelegit,DC=co,DC=il” as well, and then run “repadmin /syncall”, and those errors are gone!
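To confirm the permission from a script instead of the GUI, the following read-only check (an added example, not part of the original post) reads the ACL on both DNS partitions and reports whether ENTERPRISE DOMAIN CONTROLLERS holds the right. The helper name Test-FilteredSetAce is hypothetical, and the script assumes it runs with read access to the partitions, against a domain controller that hosts them.

```powershell
# Added example: read-only check, changes nothing in the directory.
# GUID of the control access right "Replicating Directory Changes In Filtered Set"
# (DS-Replication-Get-Changes-In-Filtered-Set).
$FilteredSetRight = [guid]'89e95b76-444d-4c62-991a-0facbeda640c'
# Well-known SID of NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS (independent of OS language).
$EdcSid = 'S-1-5-9'

# Naming contexts from the post; replace with the DNs of your own forest.
$NamingContexts = @(
    'DC=ForestDnsZones,DC=Pelegit,DC=co,DC=il',
    'DC=DomainDnsZones,DC=Pelegit,DC=co,DC=il'
)

function Test-FilteredSetAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $entry   = [ADSI]"LDAP://$DistinguishedName"
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited ACEs, with trustees returned as SIDs.
    $rules    = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType)
    $extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $EdcSid) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs apply to children, not to the naming context head itself.
        if ($rule.PropagationFlags -band $inheritOnly) { continue }
        if (-not ($rule.ActiveDirectoryRights -band $extended)) { continue }
        # An empty ObjectType means "all extended rights", which includes this one.
        if ($rule.ObjectType -eq $FilteredSetRight -or $rule.ObjectType -eq [guid]::Empty) {
            return $true
        }
    }
    return $false
}

foreach ($nc in $NamingContexts) {
    [pscustomobject]@{
        NamingContext      = $nc
        FilteredSetGranted = Test-FilteredSetAce -DistinguishedName $nc
    }
}
```

The check looks only at Allow entries, so a Deny entry for the same right would still need to be reviewed by hand.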

Hope it was helpful!