This article was previously published under Q249261
This article has been archived. It is offered "as is" and will no longer be updated.
After you upgrade from Microsoft Windows NT 4.0 to Windows 2000 and promote the domain controllers, the domain controllers may not replicate properly after you restart them.
When you run DCDIAG /test:Replications on a domain controller, you may receive the following error message:
Testing server: DOMAIN\SERVER1 Starting test: Replications * Replications Check [Replications Check,SERVER1] A recent replication attempt failed: From SERVER2 to SERVER1 Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com The replication generated an error (5): Access is denied. The failure occurred at 1999-12-23 19:54.37. The last success occurred at 1999-12-23 15:31.59. 7 failures have occurred since the last success.
You may receive other error messages that are a consequence of the failed replication.
This behavior may occur if you revoke the Access this computer from the network right for the Everyone group before you upgrade the computer.
If this is the case, the domain controllers are unable to replicate.
To resolve this issue:
In Windows NT 4.0, use User Manager for Domains to give the Everyone group the Access this computer from the network permission, and then upgrade your computer to Windows 2000.
If you have already upgraded to Windows 2000, follow these steps:
Start the Active Directory Users and Computers snap-in.
Right-click Domain Controllers, and then click Properties.
Click Group Policy, click Default Domain Controllers Policy, and then click Edit.
In Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click User Rights Assignment.
Double-click Access this computer from the network.
Add Enterprise Domain Controllers to the list.
NOTE: You can add any other group that contains domain controller computer accounts, including the Everyone group. You should avoid using Domain Controllers because this global group cannot contain domain controllers from other domains.
Replication resumes after the group policy object is in effect.
Microsoft has confirmed this to be a problem in Microsoft Windows 2000.