You usually see errors similar to these in the connector logs:
ADSync RunDiff error: System.Runtime.InteropServices.COMException (0x80070005): Access is denied.\x0D\x0A\x0D\x0A at System.DirectoryServices.SearchResultCollection.ResultsEnumerator.MoveNext()\x0D\x0A at System.DirectoryServices.SearchResultCollection.get_InnerList()\x0D\x0A at System.DirectoryServices.SearchResultCollection.get_Count()\x0D\x0A at LDIFManager.RunDiff(StringBuilder& sbIn, String sPath, String sDomain, String sFilter, Boolean bDropCookie, String& sError)
There are two scenarios in which this issue might occur:
1) .NET 3.5.1 SP1 is not installed.
2) The user is missing the Replicating Directory Changes and Read permissions. One symptom of this is that the OpenDNS_Connector user account can read the AD tree via LDIFDE, but the connector still returns "Access is denied".
To add the necessary Replicating Directory Changes and Read permissions, please follow these steps:
1) Open the Active Directory Users and Computers snap-in.
2) On the View menu, click Advanced Features.
3) Right-click the domain object, such as "company.com", and then click Properties.
4) On the Security tab, if the desired user account (OpenDNS_Connector) is not listed, click Add; if the desired user account is listed, proceed to step 7.
5) In the Select Users, Computers, or Groups dialog box, select the desired user account, and then click Add.
6) Click OK to return to the Properties dialog box.
7) Click the desired user account.
8) Click to select the Replicating Directory Changes and Read check boxes from the list.
9) Click Apply, and then click OK.
10) Close the snap-in.
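To confirm the result of the steps above, the following added example (not part of the original article or of the connector) reads the domain object's ACL and reports which of the two rights are granted directly to the account. It assumes the ActiveDirectory PowerShell module is installed, that OpenDNS_Connector is the account's sAMAccountName, and that the Read check box corresponds to GenericRead; rights obtained through group membership are not evaluated.

```powershell
# Added example: audit the ACEs that OpenDNS_Connector holds on the domain root.
# Assumptions: RSAT ActiveDirectory module present; run on a domain-joined host
# by a user who can read the domain object's security descriptor.
Import-Module ActiveDirectory

$Account  = 'OpenDNS_Connector'                      # account name used on this page
$DomainDN = (Get-ADDomain).DistinguishedName
$Sid      = (Get-ADUser -Identity $Account).SID.Value

# Control access right GUIDs (rightsGuid values of the extended rights).
$ReplChanges    = [guid]'1131f6aa-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes
$ReplChangesAll = [guid]'1131f6ad-9c07-11d1-f79f-00c04fc2dcd2'  # Replicating Directory Changes All

$ExtendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$GenericRead   = [System.DirectoryServices.ActiveDirectoryRights]::GenericRead

# Explicit and inherited Allow ACEs whose trustee is the account itself.
# Asking for SecurityIdentifier avoids name-translation failures on other trustees.
$Acl  = Get-Acl -Path "AD:\$DomainDN"
$Aces = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $Sid }

function Test-ExtendedRight([guid]$Right) {
    # An empty ObjectType on an ExtendedRight ACE means "all extended rights".
    [bool]($Aces | Where-Object {
        (($_.ActiveDirectoryRights -band $ExtendedRight) -ne 0) -and
        ($_.ObjectType -eq $Right -or $_.ObjectType -eq [guid]::Empty)
    })
}

$HasRead = [bool]($Aces | Where-Object {
    ($_.ActiveDirectoryRights -band $GenericRead) -eq $GenericRead
})

[pscustomobject]@{
    Account                        = $Account
    Domain                         = $DomainDN
    ReplicatingDirectoryChanges    = Test-ExtendedRight $ReplChanges
    Read                           = $HasRead
    # Not requested by the steps above; review the ACL if this is True.
    ReplicatingDirectoryChangesAll = Test-ExtendedRight $ReplChangesAll
}
```

Both ReplicatingDirectoryChanges and Read should report True after the steps are applied; a False value points to the ACE that is still missing.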
If the issue is caused by .NET 3.5.1 SP1 not being installed, you should be able to download it from here: