This was a real pain and we ended up having to call Microsoft and spend several hours to resolve what seem to be a simple issue. When running dcdiag you get an error that the NCSecDesc test failed with:
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have Replicating Directory Changes In Filtered Set access rights for the naming context: DC=cosgro,DC=com
Normally running adprep /rodcprep at the command line would correct… Continue reading
How to fix NCSECDESC Failures in Active Directory. If you get the following when running DCDiag on a Windows AD Server do the following to correct.
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=MYDOMAIN,DC=local
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn’t have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=MYDOMAIN,DC=local … Continue reading
You run DCDiag and it returns a failure that names can not be resolved.
testing server: default-first-site-name\mydomain
starting test: connectivity
the host 7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local could not be resolved to an
ip address. check the dns server, dhcp, server name, etc
although the guid dns name
(7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local) couldn’t be
resolved, the server name (myhost.mydomain.local) resolved to the ip
address (192.168.1.5) and was… Continue reading
