When working with Active Directory, there are a few different replication systems in place. One of the key replications is that of the SYSVOL as this replicates the group policy settings throughout a domain. SYSVOL replication is a bit different from regular AD replication as it replicates files used by SYSVOL (as opposed to individual items contained in the AD database).
Originally with Windows 2000, Microsoft developed the File Replication System (FRS) as a method to replicate the SYSVOL. For anyone who has used FRS replication over the years, though, you know that it can have problems. For example, there is the dreaded Journal Wrap error (http://support.microsoft.com/kb/292438). Also, the monitoring tools with FRS are limited. There are some free tools developed by MS such as Ultrasound and Sonar, but these tools are limited and don’t always seem to work well.
With the release of 2003 R2, MS developed a new replication model using Distributed File System Replication (DFS-R). DFS-R has a number of advantages over FRS replication:
- Uses block-level replication – only replicates blocks of a file that has changed rather than the entire file.
- Better reporting and troubleshooting tools – using DFS Management console, it is easy to produce reports detailing the replication and any errors/warnings.
- Bandwidth throttling – is sensitive to bandwidth and throttles replication based upon available bandwidth.
Now that we are running Windows 2008 R2 on all of our DCs (and are at domain functional level of 2008 R2 – although it would work fine with 2008, as well), we are now able to take advantage of DFS-R for replicating our SYSVOL. Besides the above advantages, it is also important to note that
Prior to making any changes to our replication model, we first want to verify that FRS replication is working properly. In our environment, I have Ultrasound running and found a few errors. Once those errors were resolved, I was ready to begin the process of moving to DFS-R replication for the SYSVOL. To complete this process, we complete three steps:
- Prepared State – This is where it will initially replicate the SYSVOL to all of your DCs using DFS-R replication. It creates a new folder on your DC (SYSVOL_DFSR). Once at this stage, you can verify that replication is working properly by running diagnostic reports.
- Redirected State – When moving to this state, your SYSVOL share now points to the new SYSVOL_DFSR folder so your clients will now retrieve their group policies from the new share. This step can be reversed if you run into issues.
- Eliminated State – This step eliminates the dependency of the NTDS service and the FRS service and deletes the SYSVOL folder. This step cannot be reversed!
I recommend reading the resources below for more information and steps to complete at each state change.
Once you have completed your migration, you can now have an email sent to you on a schedule about the health of your DFS-R environment. See http://blog.powershell.no/2010/12/30/dfs-r-health-report-for-sysvol/ for details on setting this up.
Resources:
—————————————————————————————–
http://technet.microsoft.com/en-us/library/dd640019(WS.10).aspx – Technet Guide to SYSVOL Migration
http://blogs.technet.com/b/askds/archive/2009/01/05/dfsr-sysvol-migration-faq-useful-trivia-that-may-save-your-follicles.aspx – Ask DS FAQ on SYSVOL migration
http://technet.microsoft.com/en-us/magazine/gg690154.aspx – MS Windows: Make the Move to DFS