"Access Denied" Error Message When You Use the Active Directory Sites and Services Tool


If you are in a domain in which a user or group has been granted the Replication Synchronization permission on an entire naming context, and you attempt to initiate replication with the Active Directory Sites and Services tool (Dssite.msc) in the context of that user or group, you can receive the following error message:
The following error occurred during the attempt to synchronize naming context
Your_naming_context from domain controller
Source_DC to domain controller
Destination_DC: Replication access has been denied

The operation will not continue.
Yet, when you initiate replication of the specific naming context with either the Active Directory Replication Monitor (Replmon.exe) or the Repadmin.exe tool, both of these tools work as expected.


This behavior occurs because the Active Directory Sites and Services tool initiates replication on all common naming contexts between the replication partners. The container to which the user has the Replication Synchronization permission has replicated successfully. The containers in which the user does not have the right, however, do not replicate, and the user receives an "Access Denied" error message.


To work around this behavior, use either the Repadmin.exe or the Replmon.exe tool to initiate replication on specific naming contexts.


This behavior is by design.

More Information

The operation returns the "Access Denied" error message. This message does not mean that the replication did not succeed.

To permit the synchronization of a single partition, grant the following permission on the partition head (root of the partition) by using Adsiedit.msc:
"Replication Synchronization" = Allowed

ID do Artigo: 303305 - Última Revisão: 7 de jan de 2008 - Revisão: 1