Jude's Blog

Posts Tagged ‘windows server

SYSVOL migration from FRS to DFSR step by step

leave a comment »

If you have a Domain Controller environment that’s Windows server 2003, 2008 or 2008 R2 it is high time to get your environment upgraded to the latest Windows Server environment. However, if you are currently using an above operating system OR if you previously upgraded from a legacy domain controller environment such as 2003, you might want to perform some extra steps prior upgrading or migrating to the new Windows Server 2016+ domain controllers.

Here’s the background of the story.

File Replication Service (FRS) came into the picture with Windows Server 2000. Microsoft was using FRS to replicate the SYSVOL between its domain controller members. Later on with Windows Server 2008, Microsoft introduced Distributed File System Replication (DFSR) that was able to replicate SYSVOL.

However, environments which got migrated from legacy 2003 domain controllers tend to utilize FRS. However when an upgrade is in place for your domain controllers, one thing you need to consider is raising your Forest and Domain functional levels.

For an example, a Windows server 2008 R2 with a Windows Server 2003 Forest and Domain functional level may still be using FRS as the default SYSVOL replication method. In this environment if you are to upgrade your domain controllers to Windows Server 2016 you will come into issues with FRS.

Windows Server version 1709 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.

When you try to add a Windows Server version 1709-based server as a DC to the domain, you receive the following error message:

  • The specified domain %1 is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.
  • The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
  • You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.

How to overcome this? Well, there is only one way and that is to migrate the replication method of the SYSVOL to DFSR. Let’s see steps to perform the migration.

First thing you might want to do is to check what SYSVOL replication is used in your environment. To do this, open up the command prompt using administrator and run the below command;

dfsrmig /GetGlobalState

dfsrmig /GetMigrationState

What you need to focus on the result is the state mentioned Global state (‘<State>’).

  • In most cases, you will see “START” as the state, you are running FRS and is required to perform the migration.
  • If you have “ELIMINATED” as the state, you don’t have to worry as it will be using DFSR.

Prerequisites

This is a very important stage. Why? Well you are dealing with your SYSVOL and its better to start the migration process knowing that your domain environment is running in a healthy state.

  • You should have domain controllers running Windows Server 2008 or above ONLY. Any domain controller running windows server 2003 will not be able to perform the task as you won’t be able to raise the functional levels to 2008 or above.
  • You should be running Windows Server 2008 or above domain/forest functional levels. If you don’t, it’s time to raise the functional levels.
  • Make sure that you have installed all the updates; without updates, you might still be able to go through this but it’s always recommended.
  • Verify that the built-in Administrators group has the “Manage Auditing and Security Log” user right on all your domain controllers. You can check this via running a gpresult.exe command on your domain controllers.
  • Ensure that replication for your entire organization is in a healthy state. For this, use an administrator command prompt to run the below commands;
    • repadmin /syncall /AdeP – Initiate a full sync and wait
    • repadmin /replsum – See if replication was run and you are shown with a minimum time (most recent time would be the time where you ran the above command)
    • dcdiag /e /c /q – Provides you a summary of the errors on your directory configuration for the entire environment
    • dcdiag /e /test:sysvolcheck /test:advertising – This will ensure that SYSVOL is advertised among all domain controllers without any issues
    • If you encounter any abnormal issues, don’t proceed. Fix It!

Migration

In this document I will be taking you through the process of what we call a ‘Quick Migration’. This involves migrating in a slow, phase by phase method where you will have the option to roll back. This is always preferred.

The migration will take you through migrating to below levels step by step;

0 Start State

1 Prepared State

2 Redirected State

3 Eliminated State

For the next few steps, we will be using the command ‘dfsrmig /SetGlobalState <state>’ where the state can be chosen from the above numerical value 0-3.

Prepared State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 1

What happens is that the initiated domain controller will start the migration task for the given state and will inform the rest of the servers. Therefore this will take time and depending on your links, the time to complete on each server may vary. Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Prepared

Also notice that you will have a new folder inside the NTDS for SYSVOL;

Redirected State

As we saw earlier, you will be shown to be in the ‘Start State’. Our task is to migrate the DFSR state to ‘Prepared’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 2

Once the command is executed, wait for 15mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Redirected

Eliminated State

After the above task, you will be shown to be in the ‘Redirected State’. The next task would be the final task which is to migrate the DFSR state to ‘Eliminated’. For this, open the command prompt as administrator and run the below command;

dfsrmig /SetGlobalState 3

Once the command is executed, wait for a few mins and run the below command to view the status of the migration process.

dfsrmig /GetMigrationState

As you can see, the state is still ‘Start’ in three of my servers. What you can do to speed up the process is;

  1. Wait till it completes by itself
  2. Run a repadmin /syncall /AdeP to manually invoke replication to each domain controllers

Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Eliminated’

With this, we conclude the migration of the SYSVOL to DFSR. You can monitor for awhile and check for any errors using DCDIAG and REPADMIN.

Really appreciate all your comments, especially if i have missed anything or made a mistake regarding the installation. 🙂

(c) Copyrights Reserved! Do not share or use any content in any way without approval from poster!

Advertisements

Written by judeperera

March 19, 2019 at 4:59 am