Active Directory DirSync search preference

  • Question

  • We are using the DirSync method for an IDirectory search in an Active Directory Domain Controller. Since the user credentials do not have administrative rights, the search is not executed. But a replication error gets logged in the event viewer of the DC. Why is this happening?

    We are fine with the search not being able to execute and do not want to give the user the admin credentials or replicating directory changes permission. It is part of a scheduled search and is hence causing a lot of error logs in the event viewer. 

    We run the DirSync method as part of a scheduled run, but the event isn't logged every time it is run. It is skipped randomly in some cases. Any idea why that might be?

    The event logged in the event viewer is:

    EventID 2896

    A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error. 

    Directory partition: 
    Error value: 
    8453 Replication access was denied. 

    User Action 
    The client may not have access for this request.  If the client requires it, they should be assigned the control access right "Replicating Directory Changes" on the directory partition in question.

    Thursday, June 13, 2019 8:16 AM
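
To check which scheduled runs actually produced the denial, the Event ID 2896 text quoted above can be parsed and matched against the job's run times. This is an added example, not part of the original post; the partition name, timestamps, two-hour schedule, and the `parse_2896` / `runs_without_event` helpers are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: (logged time, message) pairs shaped like the
# Event ID 2896 text quoted above. Partition name and times are made up.
MSG = (
    "A client made a DirSync LDAP request for a directory partition. "
    "Access was denied due to the following error.\n\n"
    "Directory partition:\n{partition}\n"
    "Error value:\n8453 Replication access was denied.\n"
)
EVENTS = [
    ("2019-06-13 02:00:04", MSG.format(partition="DC=example,DC=com")),
    ("2019-06-13 06:00:03", MSG.format(partition="DC=example,DC=com")),
]
# Constructed schedule: the job is assumed to run every two hours.
RUNS = ["2019-06-13 02:00:00", "2019-06-13 04:00:00", "2019-06-13 06:00:00"]

# A value may sit on the label line or on the next line; the lookahead stops
# an empty field from swallowing the label that follows it.
FIELD = re.compile(
    r"^(Directory partition|Error value):[ \t]*\n?[ \t]*"
    r"(?!Directory partition:|Error value:)(.*)$", re.M)

def parse_2896(message):
    """Extract the partition and numeric error code from one event message."""
    fields = {m.group(1): m.group(2).strip() for m in FIELD.finditer(message)}
    code = re.match(r"(\d+)", fields.get("Error value", ""))
    return {"partition": fields.get("Directory partition") or None,
            "error": int(code.group(1)) if code else None}

def runs_without_event(runs, events, window=timedelta(minutes=5), error=8453):
    """Return scheduled runs with no matching denial logged within `window`."""
    fmt = "%Y-%m-%d %H:%M:%S"
    denied = [datetime.strptime(t, fmt) for t, msg in events
              if parse_2896(msg)["error"] == error]
    missing = []
    for run in runs:
        start = datetime.strptime(run, fmt)
        if not any(start <= t <= start + window for t in denied):
            missing.append(run)
    return missing

if __name__ == "__main__":
    print(parse_2896(EVENTS[0][1]))
    print("runs with no 2896 event:", runs_without_event(RUNS, EVENTS))
```
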