Microsoft KB Archive/303305

= &quot;Access Denied&quot; Error Message When You Use the Active Directory Sites and Services Tool =

Article ID: 303305

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Small Business Server 2003 Premium Edition
 * Microsoft Windows Small Business Server 2003 Standard Edition

-



This article was previously published under Q303305



SYMPTOMS
If you are in a domain in which a user or group has been granted the Replication Synchronization permission on an entire naming context, and you attempt to initiate replication with the Active Directory Sites and Services tool (Dssite.msc) in the context of that user or group, you can receive the following error message:

The following error occurred during the attempt to synchronize naming context  from domain controller   to domain controller  : Replication access has been denied

The operation will not continue.

Yet, when you initiate replication of the specific naming context with either the Active Directory Replication Monitor (Replmon.exe) or the Repadmin.exe tool, both of these tools work as expected.



CAUSE
This behavior occurs because the Active Directory Sites and Services tool initiates replication on all common naming contexts between the replication partners. The container to which the user has the Replication Synchronization permission has replicated successfully. The containers in which the user does not have the right, however, do not replicate, and the user receives an &quot;Access Denied&quot; error message.



RESOLUTION
To work around this behavior, use either the Repadmin.exe or the Replmon.exe tool to initiate replication on specific naming contexts.



STATUS
This behavior is by design.



MORE INFORMATION
The operation returns the &quot;Access Denied&quot; error message. This message does not mean that the replication did not succeed.

To permit the synchronization of a single partition, grant the following permission on the partition head (root of the partition) by using Adsiedit.msc:

&quot;Replication Synchronization&quot; = Allowed

.

Additional query words: domain schema configuration DC= CN= OU=

Keywords: kberrmsg kbprb KB303305

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.