I don't know offhand but it's possible that something failed when they did adprep /forestprep and it missed that step (I assume that's where it's added). I would expect you could just add it to the Config NC head and be on your way.
From: [email protected] [mailto:[email protected]] On Behalf Of Webster Sent: Wednesday, February 4, 2015 6:15 AM To: [email protected] Subject: [NTSysADM] DCDiag error: Error BUILTIN\Administrators doesn't have Replicating Directory Changes All access rights for the naming context Working with a company that is just now starting their WinXP to Win7 migration. All their servers are still Server 2003 so all 18 of the domain controllers are Server 2003. Their FFL is Server 2003. When I run DCDiag, all 18 DCs get the following error: Error BUILTIN\Administrators doesn't have Replicating Directory Changes All access rights for the naming context: CN=Configuration,DC=web,DC=com According to http://support.microsoft.com/kb/829306 , this should happen when running the Server 2003 version of dcdiag.exe when there are no 2003 DCs. Not the case here. I haven't seen an all Server 2003 environment in a while, so I am assuming all they need to do is use ADSIEdit and make sure BUILTIN\Administrators has the Replicate Directory Changes permission? Thanks Webster
