Announcement

Collapse
No announcement yet.

DCdiag error result

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DCdiag error result

    Hi,


    I got the following error while running Dcdiag, can someone shed a light what are these errors about?

    Starting test: NCSecDesc
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=ForestDnsZones,DC=xxxxxx,DC=com
    Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
    Replicating Directory Changes In Filtered Set
    access rights for the naming context:
    DC=DomainDnsZones,DC=xxxxxx,DC=com
    ......................... AD failed test NCSecDesc


    any help much appreciated!

    thanks,
    airok

  • #2
    Re: DCdiag error result

    You added a RODC or DC without running ADPrep perhaps?

    http://support.microsoft.com/kb/967482

    When did the issue start occurring? Any hints from your event viewer?

    Comment


    • #3
      Re: DCdiag error result

      Originally posted by airok View Post
      Hi,


      I got the following error while running Dcdiag, can someone shed a light what are these errors about?

      Starting test: NCSecDesc
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=ForestDnsZones,DC=xxxxxx,DC=com
      Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
      Replicating Directory Changes In Filtered Set
      access rights for the naming context:
      DC=DomainDnsZones,DC=xxxxxx,DC=com
      ......................... AD failed test NCSecDesc


      any help much appreciated!

      thanks,
      airok
      What Active Directory are you using? It take it that the command was run on a Windows 2003 DC? Are you in the middle of upgrading? As suggested, it is perhaps due to not having run ADPREP /RODCPREP on a 64 bit DC or ADPREP32 /RODCPREP on a 32 bit DC. Do you currently have an issue or just verifying health? If you are not planning to add RODCs (should the assumption be correct) you don't have to perform the RODCPREP switch.

      Comment


      • #4
        Re: DCdiag error result

        i'm not trying to add any RODC. i was just doing a health check on DC and found this error. I read the link from microsoft too, it doesn't provide too much detail what's the impact of this error though. Can i just safely ignore it?
        I reckon this error might be there for a very long time already. Nothing too abnormal found on the DC events. Btw, it is a Windows server 2003.

        many thanks

        Comment


        • #5
          Re: DCdiag error result

          If this DC is a Windows Server 2003 than ignore.
          If this is a RODC with Windows server 2003 on a multi function domain level than to run ADPrep is still the answer.

          To do so locate the support tools folder of the Windows 2008 cd, and run "adprep.exe /rodcprep" command.

          This only applies if your in a multi function domain. If your domain is running 2003 Domain level only, than do not run the above command from a 2008 media. Might be harmless perhaps, as the 2008 adprep likely is the same as 2003, but I do not know, as I never tested that bit, and not wanting to say go ahead without being sure.

          Comment

          Working...
          X