Issue
During Password Copy, DirSync utilize PSEXEC calls to map shared drive to the Source and Target PDC servers for password copy utility to run. User may receive Access Denied Message when PSEXEC failed to make connection to the PDC servers.
Cause
Below are some of the reason why user encounter this type of errors.
1. PSEXEC may not pass the credential information correctly due to service account Password contains special characters.
2. DirSync Service account do not have access to the PDC servers(Credential may have to be created in Windows Credential Manager).
Solution
1. PSEXEC does not handle special characters, consider changing the password for the service account without using special characters.
2. Modify the DirSync Service logon credential via Service.MSC to use a non-local system account. After the logon account has been modified, use the below command create a saved credential to the PDC servers under credential manager:
cmdkey /add:FQDN(PDC Server name) /user:domain\username -p Passwords
