Dcdiag fails for NCSecDesc test on Windows 2008 R2 Domain Controllers

Hi!

These days I’m checking an ADDS 2008 R2 forest. and when I did a dcdiag I saw the tipicall error in the NCSecDesc test :

* Security Permissions Check for C=ForestDnsZones,DC=domainXXX,DC=org

(NDNC,Version 3)

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=ForestDnsZones,DC=domainXXX,DC=XXX

* Security Permissions Check for DC=DomainDnsZones,DC=domainXXX,DC=org

(NDNC,Version 3)

Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have           Replicating Directory Changes In Filtered Set access rights for the naming context: DC=DomainDnsZones,DC=domainXXX,DC=XXX

This error not`s important if you don’t want to implement RODC but anyway you have two options to solve it:

As Microsoft says you can follow this article to fix it:

https://support.microsoft.com/en-us/kb/967482

But if you want to fix it manually you can do the following steps:

  1. Open Adsi Edit and Connect to the connecting point: DC=ForestDnsZoones,DC=DomainXXX,DC=XXXconnect01
  2. Over DC=ForestDnsZoones,DC=DomainXXX,DC=XXX right click and select Properties.
  3. In Security Tab push on Advanced.
  4. Select Enterprise Domain Controllers with Replicating Directory Changes and push Edit.connect02
  5. Select Allow checkbox to Replicating Directory Changes In Filter Set and Apply to This object and all descendant objects, also select Apply these permissions to objects and/or contaniers within this container only.connect03
  6. Connect to C=DomainDnsZones,DC=domainXXX,DC=XXX and do the same actions.

Regards!

 

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s