Migrate SYSVOL from FRS to DFSR

21 January 2020 Off By Rached CHADER

Presentation

Windows 2000 Server and Windows Server 2003 use the File Replication Service (FRS) to replicate SYSVOL, while Windows Server 2008 uses the newer DFS Replication service in domains that use the Windows Server 2008 domain functional level, and FRS for domains that run older domain functional levels.

From Windows Server 2008 R2, Microsoft no longer allows the use of FRS technology for folder replication but for compatibility reasons leaves this possibility for the SYSVOL folder up to Windows Server 2012 R2 (and its functional level of corresponding forest / domain).

From Windows Server 2016 The FRS mechanism is no longer supported by any domain controller

How to see if FRS or DFSR is used?

  • We are going to ADSIEdit..
  • Default Naming Context
  • We go to CN = domain, DC = local
  • CN = System
  • CN = DFSR-GlobalSettings.
  • DFSR-GlobalSettings property.
  • Search msDFSR-Flags
  • When the value is zero, then FRS is currently used for replicating the SYSVOL folder.
  • When the value is 48, then DFSR is currently used for replicating the SYSVOL folder.
  • When the value is 0, 16 or 32, the migration of the replication mechanism is in progress (0 corresponds to the Start state, 16 corresponds to the Prepared state, 32 corresponds to the Redirected state and 48 corresponds to Eliminated state).

Prerequisites

  • The migration process is done from the domain controller having the PDC role.
  • All domain controllers must be at least Windows Server 2008.
  • Domain functional level must be at least Windows Server 2008 level
  • DFSR must be installed on all domain controllers.
  • Active Directory replication should not have a problem: RepAdmin / ReplSum

Migration

Transition to the “Prepared” state

1
dfsrmig.exe /setGlobalState 1

We will check the state of the controllers by typing the command regularly, until all the controllers have entered the “Prepared” state.

1
dfsrmig.exe /getMigrationState
  • The usual SYSVOL directory is always replicated by FRS
  • A new SYSVOL_DFSR directory is created and is replicated by DFSR
  • SYSVOL share always points to the SYSVOL directory

Transition to the “Redirected” state

1
dfsrmig.exe /setGlobalState 2

We will check the state of the controllers by typing the command regularly, until all the controllers have entered the “Redirected” state.

1
dfsrmig.exe /getMigrationState
  • The usual SYSVOL directory is always replicated by FRS
  • The new SYSVOL_DFSR directory is replicated by DFSR
  • SYSVOL share now points to new SYSVOL_DFSR directory

Transition to the “Eliminated” state

1
dfsrmig.exe /setGlobalState 3

We will check the state of the controllers by typing the command regularly, until all the controllers have gone to the “Eliminated” state.

1
dfsrmig.exe /getMigrationState
  • SYSVOL directory is deleted
  • Only the SYSVOL_DFSR directory replicated by DFSR remains
  • SYSVOL share points to the SYSVOL_DFSR directory
  • The “File Replication Service” (FRS) service is stopped and goes to “Disabled”.

Verification

We will check via the advanced view of the Active Directory Users and Computers console if the replication of the domain controllers has gone well in DFSR:

Finally, if your antivirus is suspicious of SYSVOL, remember to modify the exclusion path from SYSVOL to SYSVOL_DFSR.

Visits: 3114

CategoryActive Directory System administration Windows 2008 Windows 2012 Windows 2016 Windows 2019 Windows servers
Tags-DFSR -FRS FRS to DFSR Migrate SYSVOL from FRS to DFSR