How to perform a non-authoritative SYSVOL restoration
If you are facing issues with some Group Policies or scripts not available on DC(s) in the SYSVOL domain folder to a specific Domain Controller or if you have realized that the GPOs are not up to date, this post shows how to fix that by doing the steps to perform a non-authoritative Sysvol restore on FRS and DFSR.
Table of Content
Steps if your environment is using FRS to replicate SYSVOL
This procedure is due only if your environment is using FRS to replicate SYSVOL. Continue reading below for DFSR environment.
On the failed Domain Controller execute the following steps:
1 – Open the prompt as administrator and run: net stop ntfrs;
2 – Open services.msc and set “File Replication” service as Manual;
3 – Open regedit, and edit the registry key to the value “d2“:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags
4 – On the prompt, now run the command: net start ntfrs;
5 – Set “File Replication” service as Automatic;
6 – Open Event Viewer and look for the event ID 13566 and 13516 in the File Replication Service.
In the case the above steps doesn’t work, try the following:
1 – Copy the script folder from a healthy DC, and paste it on c:\Sysvol\sysvol\contoso.com of the failed DC;
2 – Set the value “1” for the registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sysvolReady
3 – Restart the services netlogon and ntfrs.
Steps if your environment is using DFSR to replicate SYSVOL
To perform a non-authoritative SYSVOL folder restoration on a DFSR environment, follow these steps:
- Determine the Cause:
- Identify why you need to perform a non-authoritative restore. Common reasons include corruption of the SYSVOL folder or replication issues.
- Stop the DFS Replication Service:
- On the domain controller that requires the non-authoritative restore, open a Command Prompt with administrative privileges and type:
net stop dfsr
- This stops the DFS Replication service.
- Delete the DFSR Database:
- Navigate to the
C:\\\\System Volume Information\\\\DFSR
folder and delete thedfsr.db
file. This forces the domain controller to reinitialize the DFSR database.
- Navigate to the
- Modify the Registry:
- Open the Registry Editor (
regedit
) and navigate to:
HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\DFSR\\\\Parameters\\\\SysVols\\\\Migrating SysVols
- Change the
SysVolReady
value to0
.
- Open the Registry Editor (
- Restart the DFS Replication Service:
- Start the DFS Replication service again by typing:
net start dfsr
- Force a Replication:
- Force replication from a healthy domain controller by opening a Command Prompt with administrative privileges and typing:
dfsrdiag pollad
- This command forces DFSR to poll Active Directory for configuration changes.
- Verify the Replication:
- Monitor the Event Viewer for any errors or warnings related to DFS Replication. Ensure that the SYSVOL folder is properly replicating by checking the
DFSR
logs under “Applications and Services Logs” in Event Viewer.
- Monitor the Event Viewer for any errors or warnings related to DFS Replication. Ensure that the SYSVOL folder is properly replicating by checking the
- Check SYSVOL Status:
- Ensure that the
SysVolReady
registry key is set back to1
. This can be checked again in the Registry Editor under:
HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\DFSR\\\\Parameters\\\\SysVols\\\\Migrating SysVols
- Ensure that the
By following these steps, you can perform a non-authoritative restore of the SYSVOL folder, allowing the domain controller to synchronize its SYSVOL contents from a healthy replication partner.
Still need help to perform a non-authoritative SYSVOL?
Running out of ideas and time on how to perform a non-authoritative SYSVOL restoration in your environment?
Please, get in touch with me, I will be happy to provide a quick resolution for you on how to resolve it at a fair price.
Check out more similar articles below
Microsoft 365 Setup: Practical Guide For IT Pros
Microsoft 365 Setup: Practical Step-by-Step Guide for IT Pros Welcome to Microsoft 365 Setup: Practical…
Ultimate Tutorial How to Deploy Hyper-V Failover Cluster
Ultimate Tutorial: How to deploy Hyper-V Failover Cluster This post aims to guidance you on…
How to configure NTP server in AD
How to configure NTP server in Active Directory, Step by step If you want to…
How to fix clients not showing up in WSUS
How to fix clients not showing up in WSUS If you are facing problems with…
The Ultimate Guide: What is DSRM in Active Directory
The Ultimate Guide: What is DSRM in Active Directory (Directory Services Restore Mode)? Directory Services…
How to add UPN suffix in Active Directory
How to add UPN suffix in Active Directory If you want to know how to…