Microsoft KB Archive/246721

Knowledge Base


Permissions Necessary for Monitoring Servers Using Active Directory Replication Monitor (Replmon.exe)

Article ID: 246721

Article Last Modified on 3/1/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q246721

SYMPTOMS

If you use Replication Monitor (Replmon.exe) and you add a server to monitor, when you connect to certain partitions the status of the directory partition is not shown and the icon for the directory partition may contain a yellow circle with an exclamation point (a "warning" symbol).

In addition, the following event log entry may be present in the Directory service event log if the logging level for NTDS Replication is set to 3 or higher:

Event Type: Information
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1508
Date: 11/18/1999
Time: 3:35:06 PM
User: Domain\User
Computer: Server-Name
Description:
Internal event: The Directory Service processed the replication state information request with status code 8453.

CAUSE

This behavior occurs because you do not have the required permissions to read the status of the particular directory partition.

RESOLUTION

The minimum permission necessary is "Manage Replication Topology" for "This object only" on the appropriate directory partition. For the domain directory partition, you can grant this permission through the Active Directory Users and Computers snap-in. For all others, you can use Adsiedit.msc, which is an administrative tool included in the Support tools for Windows 2000. You can install Adsiedit.msc from the Support\Tools folder of the Windows 2000 Server or Windows 2000 Professional CD-ROM.

To delegate the permission to monitor domain directory partition status:

  1. Open the Active Directory Users and Computers snap-in as an administrator of the domain.
  2. On the View menu, click Advanced Features so there is a check mark next to it.
  3. Right-click the root domain object, and then click Properties.
  4. On the Security tab, click Add.
  5. Select the user or group to which you want to delegate the permissions, and then click OK.
  6. With the user or group still highlighted, click the check box in the Allow column for the following permission:

    Manage Replication Topology

  7. Click OK.
  8. Have the user refresh the Replmon statistics. The user should now be able to see the replication status for the directory partition.

To delegate the permission to monitor the schema and configuration directory partitions:

  1. Install the Windows 2000 Support tools if they are not already installed.
  2. Run Setup.exe from the Support\Tools folder of the Windows 2000 Server or Windows 2000 Professional CD-ROM.
  3. Run Adsiedit.msc as an administrator of the root domain of the forest and expand the Configuration Container or Schema node, whichever is appropriate.
  4. Each node contains a child object that begins with "CN=". Right-click this object, and then click Properties.
  5. On the Security tab, click Add.
  6. Double-click the user or group to which you want to delegate permissions, and then click OK.
  7. With the user or group highlighted, click the check box in the Allow column for the following permission:

    Manage Replication Topology

  8. Click OK.
  9. Have the user running Replmon refresh the statistics. The user should now be able to see the replication status for the directory partition.

NOTE: If the administrator makes the permissions change on a domain controller other than the one the user is monitoring, the change must replicate to the monitored server before it takes effect.
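
A check to run after either delegation procedure above, as an added example (not part of the original article and not a Microsoft tool): it parses the SDDL form of a partition head's security descriptor and lists which trustees hold Manage Replication Topology and whether each grant is "This object only". The GUID is the rightsGuid of the DS-Replication-Manage-Topology control access right; the sample descriptor and its SIDs are constructed, and exporting the SDDL string from the directory is assumed to be done separately.

```python
import re

# rightsGuid of the control access right that the ACL editor displays as
# "Manage Replication Topology" (DS-Replication-Manage-Topology).
MANAGE_TOPOLOGY = "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2"
CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS, written "CR" in SDDL

def has_control_access(rights):
    """True if an SDDL rights field includes control access (or generic all)."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (CONTROL_ACCESS | 0x10000000))
    codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return bool(codes & {"CR", "GA"})

def topology_grants(sddl):
    """Return (trustee, breadth, this_object_only) for each allow ACE in the
    DACL that lets the trustee use Manage Replication Topology on the object."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    grants = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        ace_type, flags, rights, obj_guid, _inh, trustee = ace.split(";")[:6]
        flag_set = {flags[i:i + 2] for i in range(0, len(flags), 2)}
        if ace_type not in ("A", "OA") or "IO" in flag_set:
            continue  # deny ACEs and inherit-only ACEs grant nothing here
        if not has_control_access(rights):
            continue
        if ace_type == "OA" and obj_guid and obj_guid.lower() != MANAGE_TOPOLOGY:
            continue  # an ACE for a different extended right
        exact = obj_guid.lower() == MANAGE_TOPOLOGY
        breadth = "exact" if exact else "all-extended-rights"
        grants.append((trustee, breadth, not flag_set & {"CI", "OI"}))
    return grants

# Constructed sample DACL for a domain partition head. The -1105 and -1106
# SIDs are made-up delegates; BA, DA and AU are standard SDDL SID aliases.
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1-2-3-1105)"
    "(OA;CI;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-1-2-3-1106)"
    "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
    "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)"
    "(A;;RPLCLORC;;;AU)"
)

if __name__ == "__main__":
    for trustee, breadth, this_only in topology_grants(SAMPLE_SDDL):
        print(trustee, breadth, "this-object-only" if this_only else "inheritable")
```

A trustee reported as "all-extended-rights" or as inheritable holds more than the minimum permission the article describes.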

MORE INFORMATION

Active Directory Replication Monitor (Replmon.exe) is a tool included in the Support tools that you can use to monitor and troubleshoot Active Directory replication in Windows 2000.

Keywords: kberrmsg kbnetwork kbprb KB246721