Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes In Filtered Set access rights for the naming context:

Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS

Hi, Dear Folk!

 

I would like to share with you the issue I experienced on my domain controllers environment last week, some users and IT guys complained about that their login takes time to log in to the domain.

Honestly, I also experience some tiny slow login process but it wasn’t something that I really could noticed without their ware 🙂

The first step that I did is used on some basic Active Directory commands, such as  “repadmin“,  and it showed that everything is ok and there is no any replication issue, however, “dcdiag” command shows me the following error:

Error:Starting test: NCSecDesc

 

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have

 

Replicating Directory Changes In Filtered Set

 

access rights for the naming context:

Microsoft indicated that this issue happens when you have RODC server that does not have a particular permission to perform replication, in my environment, there is now any RODC server,

The solution I found is:

open “ADSI.EDIT” wizard and connect to:

DC=ForestDnsZoones,DC=Pelegit,DC=co,DC=il

Properties on the folder:

ASDI.EDIT

In Security Tab click on Advanced:

Error NT AUTHORITYENTERPRISE DOMAIN CONTROLLERS

Please apply to “This object and all descendant objects” and checkbox the “Allow checkbox to Replicating Directory Changes In Filter” and also select Apply these permissions to objects and/or containers within this container only.

ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes

After you finish this step, please repeat all steps also for “DC=DomainDnsZones,DC=Pelegit,DC=co,DC=il”and then run “repadmin /syncall” and those errors are gone!

Hope it was helpful!

 

 

 

Leave a Comment

Your email address will not be published.

In the news
Load More