You receive an "Access is denied" error message if you try to add a new DFS root target from a host server that is running Windows Server 2003

If you try to add a new root target to an existing domain-based Distributed File System (DFS) implementation, you receive the following error message:

This issue occurs if the following conditions are true:

• The existing domain-based DFS implementation is on a host server that is running Microsoft Windows 2000 Server.
• The Windows 2000 domain is operating in Mixed Mode.
• You try to add a new root target from a host server that is running Microsoft Windows Server 2003.

This issue occurs because DFS connects to the registry of the target Windows Server 2003-based host server by using the security context of the Local Service account, and the Local Service account does not have the correct registry permissions.

Note A root target is a host server that runs the DFS service. For additional information about DFS functions, visit the following Microsoft Web site:

To resolve this issue, transfer the Primary Domain Controller (PDC) emulator Floating Single Master Operation (FSMO) role in the forest root domain to a Windows Server 2003 domain controller. To do this, follow these steps:

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain Controller.
   
   Note You must perform this step if you are not on the domain controller to which you want to transfer the role. You do not have to perform this step if you are already connected to the domain controller whose role you want to transfer.
   
   Do either of the following:
   • In the Enter the name of another domain controller box, type the name of the domain controller that will be the new role holder, and then click OK.
   • In the Or, select an available domain controller list, click the domain controller that will be the new role holder, and then click OK.
3. In the console tree, right-click Active Directory Users and Computers, point to All Tasks, and then click Operations Masters.
4. Click the PDC tab, and then click Change.
5. Click OK to confirm that you want to transfer the role, and then click Close.

For additional information about how to view and transfer FSMO roles in Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base: For additional information about related topics, click the following article number to view the article in the Microsoft Knowledge Base: