Hello, my name is David and I'm a principal engineer with Dell. Today, I'm going to show you how to perform an authoritative sync of CIS V data using distributed file system replication or DFS R. DF. Sr is the newer method of replicating CIS it's more robust than the old method file replication service or FR S. But it does still from time to time run into problems when that happens, it may be necessary to force synchronization in order to get replication working again. In this video, we're going to talk about performing an authoritative sync in which we designate one of the domain controllers as the authoritative source of CYF data and configure the other domain controllers to replicate from it.
We've got three domain controllers in our environment name DC one, DC two and DC three. We can tell there's a problem by looking at the DFS replication event log. As we see here on DC one, it's showing several recent errors, the errors themselves are not that important, but we know that there is a problem because these errors are quite recent. If we look at the same event log on DC two, we see the same errors. And if we look at the log on DC three, we also see the same. So all three of our domain controllers have got problems with DFSR. And that's one of the main reasons why we have to do an authoritative sync.
We don't have a working DC from which to copy cis fol data at the moment. DC. One is going to be our authoritative DC. And I'll show you why If we look in group policy management, we can see here that we have 13 gps. I've sorted them by modified dates. You can see that the three on top were created today. And if we look in the CIS V content folder, we can see that there are 13 folders here containing template files for those GPO S. And if we look in the same location on DC two, we only see 10. So the three most recently created ones have not been replicated to DC two. And if we look at the same location on DC three, we also only see 10.
So DC one has the most up to date copy of the CYF data. And that's why it's going to be our authoritative source. Now to begin the authoritative sync, we will launch a ZIT and connect to the default naming context. We're already connected here underneath here will expand the domain, then expand domain controllers and we'll start with DC one, then expand DFSR local settings and select domain system volume. You see the C fall subscription object here, we will edit it and scroll down to an attribute called MSDF sr enabled. We'll set that to false. If you've seen the non authoritative sync video, this should look a little familiar for now. And we do the same thing on DC two.
Go to the same location, find the same attribute, set it to falls and then we'll also do the same thing on DC three. And now that we've got that set in the A database on DC one, we'll use rep admin, sync all slash capital A capital P lowercase E lowercase D to force replication from DC one to the other D CS so that they will all receive that change and that command has completed. Now, we'll run DFS R diag pole A to tell DFS R to check A for configuration changes. And we'll do that on all three domain controllers. We could probably do this through remote powershell, but it's just as easy to do it this way. OK. So we've run the command on all three dcs and now we'll refresh the event viewer and we see event 4114 and 2010. Both informational events. These are indicating that DFS replication has detected that all replicated folders on volume C have been disabled or deleted.
Basically, we've, we've disabled DFS R replication of CIS all on all three of the dcs. Now we look DC two shows the same events and just check DC three, make sure they've got the same thing as well. So at the moment, we've got DFS replication of CIS fall disabled on all 3D CS. Now we need to begin re enabling it. But on DC one, there's another attribute that we need to change as well. So we go back to Etsy edit, go back to the same object here on DC one that we edited before change M SDS are enabled to true. But then we scroll down and go to MSDF SR options and set that to one. And we only want to set that to one on the DC that we're setting as authoritative.
We don't want to set that to one on any other DC. And once we've made that change, we run DFSR diag pole ad again and it succeeds. Now we refresh the event viewer again and we see event id, 4602 the DFS replication service successfully initialized the CFA replicated folder at the path. This member is the designated primary member for this replicated folder that confirms that the authoritative initialization has completed on DC one. And it says to check for the presence of the CIS full share run net share from the command prompt. So that's what we'll do and it does show CIS fall and net log on shares as expected. So now that we have done that on DC one, we need to essentially perform a non authoritative sync on DC two and DC three. So we set MS dfsr enabled to true on DC two and then do the same on DC three.
Notice we're not touching the MS dfsr options attribute, just the enabled attribute. So that's done, we do have to force replication at this point since we made changes on the objects for DC two and DC three. So once again, we use the rep admin sync all command and that has completed. Now we need to go to DC two and run DF sr Diag pull a again that succeeds, then we'll do the same thing on DC three. So they both refresh their DFS R configuration from A. If we go back into the DFS replication event log and refresh it, we'll see uh warning 4614 saying it's initialized CIS V at the, the CIS V path and is waiting to perform initial replication.
If we wait just a few seconds, you can see that there are new events again. And if we refresh that now we can see event 46 and four saying that DFSR successfully initialized cis fall replicated folder at the path and it has completed initial synchronization from its source. We run nets share like it says, and you can see we do have CIS Fall and net login shares. And here in the Cis Fall content directory, we see we now have 13 folders containing template files. So we go back to DC three and do the same thing. We refresh the event log and we see event 4604 has already been logged here and had enough time to complete initial replication, initial synchronization.
So we run nets share here and it also shows his fall in net login shares. Let me check file explorer and see that it also contains 13 folders containing template files. And we can see that the top three with the modified date of today have replicated just like they did on DC two. This confirms that the authoritative sync has completed on DC one and effectively non authoritative sync has completed on DC two and DC three. Once again,
my name is David. I'm a principal engineer with Dell and thank you for watching.
