Yep good show, "Monitor Active Directory Replication" does work for K3 which is nice since you don't need "Manage Replication Topology".
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorge de Almeida Pinto Sent: Thursday, May 12, 2005 5:57 PM To: '[EMAIL PROTECTED] '; '[EMAIL PROTECTED] '; '[email protected] ' Subject: RE: [ActiveDir] DsReplicaGetInfo() failed with status 8453 (0x210 5) - Permissions If I remember correctly you need at least the "DS-Replication-Monitor-Topology" extended right. I assume your elevated account is member of the enterprise admins which have this right to manage replication throughout AD or a member of domain admins which have this right to manage replication for the DCs that belong to the same domain as the domain admins group http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adschema/ad schema/r_ds_replication_monitor_topology.asp The following guide might help you: Best Practices for Delegating Active Directory Administration [url]http://www.microsoft.com/downloads/details.aspx?FamilyID=631747a3-79e1- 48fa-9730-dae7c0a1d6d3&DisplayLang=en[/url] Best Practices for Delegating Active Directory Administration Appendices [url]http://www.microsoft.com/downloads/details.aspx?FamilyID=29dbae88-a216- 45f9-9739-cb1fb22a0642&DisplayLang=en[/url] Get Replication Latency Information In Windows 2000, Extended right Manage Replication Topology needed on domain NC head In Windows Server 2003, Extended right Monitor Replication Topology or Manage Replication Topology needed on domain NC head Check Replication Status In Windows 2000, Extended right Manage Replication Topology needed on domain NC head In Windows Server 2003, Extended right Monitor Replication Topology or Manage Replication Topology needed on domain NC head Cheers #JORGE# -----Original Message----- From: [EMAIL PROTECTED] To: [email protected] Sent: 5/12/2005 10:58 PM Subject: [ActiveDir] DsReplicaGetInfo() failed with status 8453 (0x2105) - Permissions One of these days, hopefully I can contribute to this list instead of asking questions all the time. At any rate, I'm getting this error when I run repadmin /showrepl dcname. Everything I've looked up points to Q329860 which isn't relevant in this case. I get this error under my standard user account but works fine for my elevated account. So, I'm curious if anyone has tracked down what permissions are required to run /showrepl or /replsum? Thanks! -m This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
