When running a DCDiag on 2008 or 2008 R2 domain controllers, it is very common to see the following error when running a dcdiag.exe.
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
......................... DC1 failed test NCSecDesc
This is caused on Active Directory domains which have not prepared Active Directory for read only domain controllers with "adprep /rodcprep".
Server 2012 / 2012 R2 domain controllers do not receive this error for NCSecDesc.
Also it is recommended you do not prepare you domain for RODC unless you intend to deploy Read Only Domain Controllers provided you have the requirement for specific branch locations from a physical security perspective.
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=DomainDnsZones,DC=domain,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
DC=ForestDnsZones,DC=domain,DC=local
......................... DC1 failed test NCSecDesc
This is caused on Active Directory domains which have not prepared Active Directory for read only domain controllers with "adprep /rodcprep".
Server 2012 / 2012 R2 domain controllers do not receive this error for NCSecDesc.
Also it is recommended you do not prepare you domain for RODC unless you intend to deploy Read Only Domain Controllers provided you have the requirement for specific branch locations from a physical security perspective.
This is dummy text. It is not meant to be read. Accordingly, it is difficult to figure out when to end it. But then, this is dummy text. It is not meant to be read. Period.
ConversionConversion EmoticonEmoticon