DSP: AD2AD: Access Denied Observed when DirSync perform Password Copy process (4307267)

Issue 

Smart DirSync will utilize Windows Credential Cache when accessing Source and Target PDC servers during Password Copy process. It will create cached Source and Target Credential under the context of the Local System on the DirSync Server so that it can copy the Passwords.  In certain environment, when Group Policy "Network Access: Do not allow storage of credential or .NET Passport for Network Authentication" is enabled, Credential Cache will not happen as access will be denied. 

The end user will get Access Denied Error Message when DirSync Perform the Password Copy. 

Solution

Disable this Group Policy at

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ and set the Policy "Network Access: Do not allow storage of credential or .NET Passport for Network Authentication: to Disable.  This Group Policy need to be disabled by your Domain Administrator.