Monday, December 21, 2015

Common DCDIAG Error with NCSecDesc

When running a DCDiag on 2008 or 2008 R2 domain controllers, it is very common to see the following error when running a dcdiag.exe.

Starting test: NCSecDesc
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
   DC=DomainDnsZones,DC=domain,DC=local
   Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes In Filtered Set access rights for the naming context:
   DC=ForestDnsZones,DC=domain,DC=local
   ......................... DC1 failed test NCSecDesc



This is caused on Active Directory domains which have not prepared Active Directory for read only domain controllers with "adprep /rodcprep".

Server 2012 / 2012 R2 domain controllers do not receive this error for NCSecDesc.

Also it is recommended you do not prepare you domain for RODC unless you intend to deploy Read Only Domain Controllers provided you have the requirement for specific branch locations from a physical security perspective.

1 comment:

  1. windows 10 product key sale , windows 7 pro key sale , windows 10 product key for pro , windows 10 activation watermark , windows 10 product key v , windows 10 serial keys redmondpie , windows 10 serial key l , windows 7 key,windows 7 professional product key , soNeY7

    windows 10 pro key

    office 2013 pro key sale

    cheap visual studio key buy

    ReplyDelete