Microsoft KB Archive/262795

From BetaArchive Wiki
Knowledge Base


"Replication Access was denied" error message when attempting to synchronize domain controllers

Article ID: 262795

Article Last Modified on 3/1/2007


APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server


This article was previously published under Q262795


SYMPTOMS

When you use the Active Directory Sites and Services snap-in from a child domain to force replication from a parent domain or another child domain at the same level, you may receive the following error message:

The following error occurred during the attempt to synchronize the Domain Controllers: Replication Access was denied

CAUSE

By default, administrators of child domains can only force replication within their own domain. Administrative permissions do not flow down; they need to be assigned. When a child domain is created, the Enterprise Admin global group is added to the built-in Administrators group of the child domain. This allows the administrator of the parent domain to administer and force replication from either the parent domain or the child domain. Administrators of child domains can only force replication within their own domain unless they are granted administrative permissions over the parent domain or another child domain.

RESOLUTION

To resolve this issue, give the administrator in the child domain permissions to the parent and/or child domain from which you want to force replication.

Note The following steps use the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in from the domain on which you want to grant administrative permissions.

  1. Expand the domain.com node within the snap-in.
  2. Click the Built-in folder.
  3. On the right-hand pane of the snap-in, right-click the Administrators group, and then click Properties.
  4. On the Members tab, click Add.
  5. In the Select Users, Contacts, Computers, or Groups dialog box, in the Look in box, click the domain that contains the administrator to whom you want to grant permissions.
  6. Click the Administrator account, click Add, and then click OK.

Repeat these steps for each domain that you want to assign administrative permissions to.

STATUS

This behavior is by design.

MORE INFORMATION

Keep in mind that parent domains are able to manage all of their child domains but you need to perform the steps described in this article for any child domains that want to manage the parent domain or other child domains on the same level.


Additional query words: replicate now force

Keywords: kbacl kbactivedirectoryrepl kbenv kberrmsg kbprb kbsecconfiged KB262795



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/262795&oldid=144579
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki