SYSVOL is a folder shared by domain controller to hold its logon scripts, group policies and other items related to AD. All the domain controllers in network will replicate the content of SYSVOL folder. The default path for SYSVOL folder is %SystemRoot%\SYSVOL. This folder path can define when you install the active directory.
Windows Server 2003 and 2003 R2 uses File Replication Service (FRS) to replicate SYSVOL folder content to other domain controllers. But Windows server 2008 and later uses Distributed File System (DFS) for the replication. DFS is more efficient than FRS. Since windows server 2003 is going out of support, most people already done or still looking for migrate in to latest versions. However migrating FSMO roles WILL NOT migrate SYSVOL replication from FRS to DFS. Most of the engineers forget about this step when they migrate from windows 2003 to new versions.
For FRS to DFS migration we uses the Dfsrmig.exe utility. More info about it available on https://technet.microsoft.com/en-au/library/dd641227(v=ws.10).aspx
For the demo I am using windows server 2012 R2 server and I migrated FSMO roles already from a windows server 2003 R2 server.
In order to proceed with the migration forest function level must set to windows server 2008 or later. So if your organization not done this yet first step is to get the forest and domain function level updated.
You can verify if the system uses the FRS using dfsrmig /getglobalstate , To do this
1) Log in to domain controller as Domain admin or Enterprise Admin
2) Launch powershell console and type dfsrmig /getglobalstate. Output explains it’s not initiated DFRS migration yet.
Before move in to the configurations we need to look into stages of the migration.
There are four stable states going along with the four migration phases.
1) State 0 – Start
2) State 1 – Prepared
3) State 2 – Redirected
4) State 3 – Eliminated
State 0 – Start
With initiating this state, FRS will replicate SYSVOL folder among the domain controllers. It is important to have up to date copy of SYSVOL before begins the migration process to avoid any conflicts.
State 1 – Prepared
In this state while FRS continues replicating SYSVOL folder, DFSR will replicate a copy of SYSVOL folder. It will be located in %SystemRoot%\SYSVOL_DFRS by default. But this SYSVOL will not response for any other domain controller service requests.
State 2 – Redirected
In this state the DFSR copy of SYSVOL starts to response for SYSVOL service requests. FRS will continue the replication of its own SYSVOL copy but will not involve with production SYSVOL replication.
State 3 – Eliminated
In this state, DFS Replication will continue its replication and servicing SYSVOL requests. Windows will delete original SYSVOL folder users by FRS replication and stop the FRS replication.
In order to migrate from FRS to DFSR its must to go from State 1 to State 3.
Let’s look in to the migration steps.
Prepared State
1. Log in to domain controller as Domain admin or Enterprise Admin
2. Launch powershell console
3. Type dfsrmig /setglobalstate 1 and press enter
4. Type dfsrmig /getmigrationstate to confirm all domain controllers have reached prepared state
Redirected State
1. Log in to domain controller as Domain admin or Enterprise Admin
2. Launch powershell console
3. Type dfsrmig /setglobalstate 2 and press enter
4. Type dfsrmig /getmigrationstate to confirm all domain controllers have reached redirected state
Eliminated State
1. Log in to domain controller as Domain admin or Enterprise Admin
2. Launch powershell console
3. Type dfsrmig /setglobalstate 3 and press enter
4. Type dfsrmig /getmigrationstate to confirm all domain controllers have reached eliminated state
This completes the migration process and to confirm the SYSVOL share, type net share command and enter.
Also make sure in each domain controller FRS service is stopped and disabled.
'IT이야기 > ActiveDirectory' 카테고리의 다른 글
AD Migration 후 SYSVOL 복제 방식 변경 (FRS -> DFSR) (0) | 2024.04.24 |
---|---|
그룹 정책: IE 보안 강화 구성(IE ESC) 사용 안 함 (0) | 2023.04.06 |
사용자 지정 Active Directory 특성 만들기 (0) | 2023.03.03 |
[Windows] Event Log를 필터링하기(XML을 통한 Custom View생성) (0) | 2022.12.13 |
특정 사용자 계정잠금 예외처리(Active Directory 관리 센터) (0) | 2022.12.13 |