I want to give a AD group the ability to force an AD replication so they can go into the NTDS for a particular server in an AD site, right click on antoher server in that site and select Replicate Now. I have run Delegate Control for every level in AD Sites and Services (Site Container, Site Name, Servers Container) giving this group full control at each step. But when a user in this group performs the 'Replicate Now' they get the following error:
The following error occurred during the attempt to sycnronize naming context Configuration from domain controller <DC1> to domain controller <DC2>: Replication access was denied.
The operation will not continue.
Is there some other way to perfrom this function and/or what step am I missing?
I am running all W2K3 Domain Controllers in Native 2000 mode.