Sysvol

What is the SYSVOL Folder?

FRS Service is responsible for SYSVOL and DFS Replication.

The SYSVOL folder stores the server’s copy of the domain public files. The folder contains such as group policy, users etc of the sysvol folder are replicated to all domain controller in the domain. The sysvol folder must be located on the NTFS Volume.

Junction point:

 Is a physical location on a hard disk that points to data that is located elsewhere on the hard disk or on another storage device? Junction points look like folders and behave like folders but they are not folders. A junction point contains a link to another folder. When a program opens it, the junction point automatically redirects the program to the folder to which the junction point is linked

Staging Folder:

Whenever you change the GPO settings the corresponding policy folder in SYSVOL get updated and this change needs to be replicated to other replication members (Domain controller) how it’s happens? Staging folder acts like a queue for changed files and folders to be replicated to downstream partners.

FRS creates a file in staging folder by using APIs (backup application programming interfaces) based on the change and replicates to the downstream partners, downstream partners use restore APIs to reconstruct the staging files in the preinstall folder, full file get copied from staging folder to preinstall folder.

Preinstall folder :

Preinstall folder is nothing but the DO_NOT_REMOVE_NtFrs_PreInstall_Directory. Folder located under the replica root (Domain folder). Files and folders are replicated from the upstream partner staging folder. After the file or folder is completely replicated, it is renamed to its target location in the replica tree. So that partially constructed files are not visible in the replica tree

Pre-existing folder:

The pre-existing folder, named NtFrs_PreExisting___See EventLog, is an optional folder that is located under the replica root (Domain folder). It may not be available by default like others folders, If pre-existing folder is present on a replica member then mostly one of the below reasons.

• Active Directory Restore:

• SYSVOL Non-authoritative restore (also called D2):

• Server was pre-staged before it was added to the replica set

Mostly FRS moves existing data in the replica tree to the pre-existing folder and then receives the updated replica tree from one of the upstream partners and deletes the files inside the pre-existing folder after the successful completion of replication.

Policies Folder:

Policy folder contains the list of folders for each policy, if you create a new Group Policy it will create a Group policy templates folder on SYSVOL share under policy, it will contain the group policy setting related to that policy, GPT folder name would be Globally Unique Identifier (GUID) of the GPO that you created.

Scripts Folder:

Script Folder contains all the logon/logoff scripts which is used by the various policies

Monitoring Tool:

Ultrasound

Ultrasound is a powerful tool that measures the functioning of FRS replica sets by providing health ratings and historical information of these sets. The Ultrasound tool is a sophisticated monitoring system that uses Windows Management Instrumentation (WMI) providers, a data collection service, a Microsoft SQL Server Desktop Engine (MSDE) database, and a powerful user interface.

Rebuild SYSVOL using D4 and D2

How to force an authoritative (D4) good DC and non-authoritative (D2) bad DC synchronization

How to rebuild/recreate Active Directory SYSVOL and NETLOGON share... After domain controller migration from old to new you may face this problem..

Before proceed with this guide first check the health of DC by running dcdiag /q and repadmin /replsummary. If errors are not reported then proceed.

Before you begin, keep a backup of SYSVOL & NETLOGON on working DC.

Log on to working Domain Controller and Stop the File Replication Service.

Then open Registry editor (Regedit) and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup path and modify BurFlags attribute value to D4

And Start File Replication Service

Wait for File Replication event ID 13516

Event Descriptions

"The File Replication Service is no longer preventing the comptuer DCNAME from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL."

Now log in to problematic domain controller and stop the File Replication Service.

Go to "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup" path and modify BurFlags attribute and change the value to D2

Start File Replication Service

And wait for File Replication event ID 13516

How To Know The Primary Member of A SYSVOL Replica Set?

This article explains how to determine the Primary Member of a SYSVOL Replica Set in an Active Directory domain.

The Primary Member is used by all the domain controllers to sync the SYSVOL Replica Set. The first DC in a domain is always the FRS Primary Member. This is useful when you want to perform a D4 operation on SYSVOL Replica Set.

Steps:

§  Log on to a DC.

§  Use ADSIEdit.msc snap-in

§  Navigate to the following location:

Domain NC > CN=System > CN=File Replication Service > CN=Domain System Volume (SYSVOL share) Properties

§  Go to Attribute Editor and check the attribute by name: fRSPrimaryMember

The above attribute will have the DC name on which the FRS was initially started and created the SYSVOL folder. If you ever encounter any problem and want to initate a D4/D2 operation on SYSVOL Replica Set then always use this DC as the Primary DC for D4 and other Domain Controllers as the D2. When you restart FRS, the D2 DCs will sync from the D4 DC.