When you run
DCDIAG /test:Replications on a
DC, you receive:
Testing server: <DomainName>\>ServerName> Starting test: Replications * Replications Check \[Replications Check,<ServerName>\] A recent replication attempt failed: From <AnotherServer> to <ServerName> Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com The replication generated an error (5): Access is denied. The failure occurred at 2000-12-07 19:54.37. The last success occurred at 2000-12-07 15:31.59. 7 failures have occurred since the last success.You probably receive other error messages, as a result of the replication failure.
If the computer account for a DC does NOT have the right to access this computer from the network, you would experience this problem.
If you removed the Everyone group before upgrading from Windows NT 4.0, that is the problem, as the Windows 2000 computer accounts do NOT receive the Authenticated Users group SID.
If your management tools do NOT work, see tips 3132 and 3133.
If you can use the Active Directrory Users and Computers snap-in:
1. Open Active Directrory Users and Computers.
2. Right-click Domain Controllers and press Properties.
3. Expand Group Policy / Default Domain Controllers Policy.
4. Press Edit.
5. Expand Computer Configuration / Windows Settings / Security Settings / Local Policies.
6. Press User Rights Assignment.
7. Double-click Access this computer from the network.
8. Add the Enterprise Domain Controllers group to the list.
NOTE: Do NOT add the Domain Controllers group as it can NOT contain domain controllers from other domains.
9. Force the group policy to be applied by using Secedit.exe at the bottom of tip 2184.
Replication will start working after the GPO is in effect.
