This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 31%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESA%3C/text%3E%3C/svg%3E)
I face an issue while promoting new Domain Controller (Additional Domain Controller); this domain controller must be the 7th DC in the forset/domain, the promotion is failed each time with the Following error:
The operation failed because:
Active Directory Domain Services could not replicate the directory partition CN=Configuration,DC=xxxx,DC=LOCAL from the remote Active Directory Domain Controller xxx.xxxx.LOCAL.
"Replication access was denied."
The user account I used for promotion is member of: Enterprise Admins, Schema Admins, Domain Admins, Administrators, also I set it in Domain Controllers Group, with full controll/permission on Configuration Partition (Adsi Edit)
I am able to promote Read Only Domain Controller (RODC) but the issue appreaes only during promoting new Writable DC, which lead to failed promotion process.
appreciate Any help.
Thankfully I am able to solve this issue, it was due to Deny permission on “Replicating Directory Changes All” role for Administrators group on configuration partition at “ADSIEdit”, when I changed it to allow the issue resolved successfully.
This is the solution
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 59%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
I want to thank you, this solved an issue I was having for months trying to promote some new DCs. 🙌
Hello,
Have you run repadmin to verify that bi-directional replication is healthy on all other DC's?
Check that DNS role is installed and it may help to make sure server is a domain member
Miguel Fra
https://www.falconitservices.com
Yes, I ran repadmin with no errors
aslo DCDIAG on exsits DCs
You can work through this one.
https://video2.skills-academy.com/en-us/troubleshoot/windows-server/identity/replication-error-8453
--please don't forget to upvote and Accept as answer if the reply is helpful--
I have checked the mentioned article with no result, in addional of that this article for issues on replication after procceding promotion process but in my case I am stuck in promotion process, so I can not run dcdiag commands
The event logs may provide more clues.
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--