Delegation of Replication

  • Thread starter: NW

Help here, please!

I created a group called Urgent_replicator that will deal with Sites and Services replication. The only permission they have is to be able to execute Replicate Now and nothing else (for urgent replication). I was trying to find the specific permission but no luck. I added all three of these permissions, Replication Synchronization, Manage Replication Topology and Replicating Directory Changes, but still no luck. I even went to the ACLs of particular Connection and Sites objects and gave full control to test, but no luck.

Any idea? I'm doing the delegation in Active Directory Users and Computers, or do I have to do it in Sites and Services? It should be the same.
Thanks
 
To delegate the rights to initiate AD replication to a user or group, follow the steps below. If you have multiple domains for your forest, the delegation would need to be to a universal group and all the domains would need to be in native mode. Otherwise this can be done using a user or global security group.

Keep in mind that for non-domain admins to be able to log locally on a domain controller they would need to be added to the default domain controllers GPO into the Logon Locally right. Here are steps for that:

================
To grant this right to a Windows 2000 domain user you must add that user to the "Log on Locally" policy container. (This procedure assumes that the domain user account already exists.)

1. Click Start, point to Programs, point to Administrative Tools, and select
Domain Security Policy.

2. Click Local Policies.

3. Click User Rights Assignments.

4. In the right pane, double-click Log On Locally.

5. In the Security Policy dialog box, click Add.

6. Under Select Users or Groups, type the user name in the lower pane and click OK.

7. In the Security Policy dialog box, click OK.

The user account now has rights to log on locally to the Domain Controller computer.
================


Here are steps for the AD replication delegation:

1) Open ADSIEDIT.MSC (installed with the support tools).

2) Go to the properties for the configuration container for the forest. Then click on the security folder tab so that it is in front.

3) Add the user or group you want to have the permission to replicate AD. Then click Allow on the "Replication Synchronization" permission.

4) Repeat steps 2-3 for the Schema and Domain containers. If you have multiple domains in the forest then repeat steps 2-3 on a DC in each domain to add the necessary permissions to each particular domain's Domain container.
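
An added example, not part of the original posts: a PowerShell audit to run after the steps above. It lists which accounts hold the replication extended rights named in this thread on the Configuration, Schema and Domain naming contexts, and warns if the delegated group holds more than Replication Synchronization. The GUIDs are the well-known control access right GUIDs; the group name comes from the question, and a domain-joined machine with read access to the ACLs is assumed.

```powershell
# Added example: list who holds the replication extended rights on each naming context.
# Assumptions: domain-joined machine; the account running this can read the ACLs.
$rights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ab-9c07-11d1-f79f-00c04fc2dcd2' = 'Replication Synchronization'
    '1131f6ac-9c07-11d1-f79f-00c04fc2dcd2' = 'Manage Replication Topology'
    '00000000-0000-0000-0000-000000000000' = 'All extended rights'
}
$group = 'Urgent_replicator'   # group name taken from the question

$rootDse  = [ADSI]'LDAP://RootDSE'
$contexts = @(
    "$($rootDse.configurationNamingContext)"
    "$($rootDse.schemaNamingContext)"
    "$($rootDse.defaultNamingContext)"
)

$report = foreach ($dn in $contexts) {
    $entry = [ADSI]"LDAP://$dn"
    # Explicit ACEs only; identities are read as SIDs so unresolved ones do not throw.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
        $true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $extended = $ace.ActiveDirectoryRights -band
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
        $guid = $ace.ObjectType.ToString()
        if (-not $extended -or -not $rights.ContainsKey($guid)) { continue }
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }
        [pscustomobject]@{
            NamingContext = $dn
            Identity      = $name
            Type          = $ace.AccessControlType
            Right         = $rights[$guid]
        }
    }
}

$report | Sort-Object NamingContext, Identity | Format-Table -AutoSize

# Flag anything the delegated group holds beyond Replication Synchronization.
$report | Where-Object {
    $_.Identity -like "*\$group" -and $_.Type -eq 'Allow' -and
    $_.Right -ne 'Replication Synchronization'
} | ForEach-Object { Write-Warning "$($_.Identity): $($_.Right) on $($_.NamingContext)" }
```

In a multi-domain forest, run it once per domain, because defaultNamingContext only covers the domain of the machine it runs on.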
 