Saturday, August 9, 2008

Replicating Directory Changes in Filtered Set access rights for the naming context



After installing first DC/GC windows 2008, receiving following error on DCdiag

Error:

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:

DCdiag /q is giving errors after installing fist DC into existing forest. Domain. The event id is also complaining about same problem. After doing a little research found out the problem is being caused not running
adprep /rod prep yet in the domain. So running this will get rid of from errors below.
Insert your windows 2008 installation disk into CD-Room or ISO. Go to command line and copy and paste below command (make sure D is the cd-room, or change it to appropriate drive letter in your server

  • D:\sources\adprep\adprep /rodcprep
  • After running this command you will get output similar to this

Adprep completed without errors. All partitions are updated. See the ADPrep.log in directory C:\Windows\debug\adprep\logs\20080809195019 for more information


Starting test: WIN09DC1

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set

access rights for the naming context:

DC=ForestDnsZones,DC=smtp25,DC=org

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

Replicating Directory Changes In Filtered Set

access rights for the naming context:

DC=DomainDnsZones, DC=smtp25,DC=org

......................... DC2 failed test NCSecDesc

Starting test: NetLogons

......................... DC2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DC2 passed test ObjectsReplicated

Starting test: Replications

[WIN09DC1DsBindWithSpnEx() failed with error 1722,

The RPC server is unavailable..

......................... DC2 failed test Replications

Starting test: RidManager



This is the process to contact the infrastructure master and update the permission on the application directory partition adprep /rodcprep will take care permissions on the Infrastructure master in order for us to install RODC's. This is the process to contact the infrastructure master and update the permission on the application directory partition

Oz Ozugurlu

MVP (Exchange)

MCITP (EMA), MCITP (SA)

MCSE 2003, M+, S+, MCDST

Security+, Project +, Server +

Blog: http://www.smtp25.blogspot.com

1 comment:

Faizan Afzal said...

http://www.elisting.us business and personal webpages from united states.