This blog will give the solution and fix for Active Directory and Messaging administrators

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes


I was working on a domain controller upgrade from 2008 R2 to 2012 R2. After introducing the new 2012 ADC, DCDIAG showed the error messages below. The error may happen when the Active Directory domains have not been prepared for read-only domain controllers with "adprep /rodcprep", but in my case the DC build went through without any error and I had not executed the command.
After referring to some articles, I found that this is related to AD replication permissions: the domain controllers don't have the "Replicating Directory Changes" permission because of the AD preparation issue.

We have to manually give the permission to fix the errors.

DCDIAG output:
1. Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set
Starting test: MachineAccount
         ......................... DC1 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=test,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=test,DC=local
         ......................... DC1 failed test NCSecDesc
      Starting test: NetLogons
         ......................... DC1 passed test NetLogons

2. Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes All
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes All
   access rights for the naming context:
   DC=ForestDnsZones,DC=test,DC=local
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes All
   access rights for the naming context:
   DC=DomainDnsZones,DC=test,DC=local
   ......................... DC1 failed test NCSecDesc
Starting test: NetLogons

Solution: 
  1. Open ADSIEDIT.msc and connect to the connection point: DC=ForestDnsZones,DC=xxxxx,DC=xxxxx
  2. On DC=ForestDnsZones,DC=xxxxx,DC=xxxxx, right-click and select Properties.
  3. In the window, select the Security tab, then select the Advanced button.
  4. Select Enterprise Domain Controllers --> Replicating Directory Changes and click on Edit.
  5. Then tick the Allow checkbox for "Replicating Directory Changes In Filtered Set" and set Apply to "This object and all descendant objects".
  6. And, also select "Apply these permissions to objects and/or containers within this container only"
Repeat the above steps for DC=DomainDnsZones,DC=xxxxx,DC=xxxxx and do the same actions.
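
To confirm the result without re-running DCDIAG, the ACL on both partitions can be read directly. The PowerShell below is an added example, not part of the original post; it is read-only and assumes the DC=test,DC=local domain from the DCDIAG output above and a session that can read the partitions' security descriptors.

```powershell
# Added example (not from the original post). Read-only audit of the
# replication extended rights on the partitions that DCDIAG flagged.
$domainDn       = 'DC=test,DC=local'   # assumption: domain from the DCDIAG output; change to yours
$namingContexts = "DC=ForestDnsZones,$domainDn", "DC=DomainDnsZones,$domainDn"

# Control access right GUIDs (rightsGuid values from the AD schema)
$rights = [ordered]@{
    'Replicating Directory Changes'                 = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes All'             = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'
    'Replicating Directory Changes In Filtered Set' = '89e95b76-444d-4c62-991a-0facbeda640c'
}
$edcSid        = 'S-1-5-9'   # well-known SID of NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

foreach ($nc in $namingContexts) {
    $entry = [ADSI]"LDAP://$nc"
    # Explicit and inherited ACEs, with trustees returned as SIDs
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])

    # Allow ACEs that carry ExtendedRight (GenericAll includes that bit)
    $allow = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band $extendedRight) -eq $extendedRight
    }

    foreach ($name in $rights.Keys) {
        $guid = [guid]$rights[$name]
        # An empty ObjectType GUID means "all extended rights"
        $holders = $allow | Where-Object {
            $_.ObjectType -eq $guid -or $_.ObjectType -eq [guid]::Empty
        }
        [pscustomobject]@{
            NamingContext = $nc
            Right         = $name
            EnterpriseDCs = [bool]($holders | Where-Object { $_.IdentityReference.Value -eq $edcSid })
            AllHolders    = ($holders.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
}
```

After the fix, EnterpriseDCs should read True for every row. The AllHolders column is worth reviewing at the same time, since these rights allow a principal to replicate directory data and should be held only by domain controller and built-in administrative groups.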


Follow the below in Windows 2012 or later OS versions:


I hope this helps!