Hello, this is David, a principal engineer with Dell. And today, I'm going to talk about performing a non authoritative sync of CIS data using distributed file system replication or DFSR DF. Sr is the newer of the two methods used to replicate CIS FLL data in a domain. The older being file replication service or FRS, most modern domains will be using DFS R to replicate CIS fall at this point. It's more robust than FRS but it can still break and sometimes it's necessary to force synchronization between domain controllers. In this video.
I'm going to show you how to perform a non authoritative sync in which our target domain controller copies the CIS data from another DC. In our environment, we have two dcs that we're going to be concerned with here. DC one and DC three, DC one will be our source DC and DC three will be our target. If we open event viewer on DC three and look in the DFS replication log, we can see errors in this case. The specific errors are not important. I intentionally broke DFS R for this demonstration. But what we can tell here is that DFS replication is not functioning correctly has not been replicating cisl data from another domain controller as it should.
If we look at event viewer on DC one, we see no errors, just informational events, there are some errors a little while back, but they have been cleared up. And DFS R on DC one is functioning properly. So the only issue here is on DC three, we can confirm that there is an issue if we go into group policy management and take a look at the number of GPS we have here, there are 10 including three test GPS that were created recently for purposes of this demonstration. If we look in the CIS fall content folder, we see 10 folders in here under CIS fall domain policies. Each one of those folders contains the template files for each of the GPS that we saw on the group policy management console. So since we have 10 GPS, we have 10 folders with template files. If we go to the same location on DC, three browse to windows, then cis fall domain and policies, we see only seven folders here.
The three test GPS that I created recently have not been replicated. So their, their template files are not present on DC three indicating once again a problem with DFS replication of the CIS fall data. Now, in order to correct this, we will perform a non authoritative sync of CIS fall to do that. We'll run ads I edit and within ads I edit, we will connect to the default naming context, leave all these values at their defaults and this will connect us to the default naming context. Under here, we will expand the default naming context, then expand the domain span, the domain controllers ou and DC three is the only one we'll be concerned with here. So we'll expand DC three and expand the F sr local settings and expand domain system volume. And here we see the CIS Fall subscription object.
We'll edit this object to take a look at its attributes here. And the attribute that we're concerned with is called MS DF Sr enabled. We want to set that to false click. OK, to confirm and OK, again. And since we're, since we actually performed this change on DC three and DC three is the only domain controller we're concerned with. At the moment, we don't need to force replication. That attribute is stored in active directory, but we're only concerned about the value on DC three. What we do need to do is run DF Sr Diag Pole A which tells DFS R to query active directory for any configuration changes we see here that the command succeeded. So we'll go back to event viewer and refresh and it'll show couple of informational events 4114 and 2010 indicating that DFS replication has been disabled.
4114 specifically refers to the CIS Fall path and 2010 just refers to DFS replication overall, since all of the replicated folders have been disabled. So now that we've done that, we go back to the same attribute and add the edit and set it back to true click, OK? To confirm and OK, again, once again, we don't need to replicate. We do need to run DF Sr Diag Pole A again, since we made another configuration change, once again, the command succeeds and we go back to event viewer and refresh once more. And now we see a warning event 4614 the DFS replication service initialized CIS fall at local path CIS fall path and is waiting to perform initial replication. And quickly we see that there are new events again. And if we refresh again, we see event 4604 which is what we're looking for.
The DFS replication service successfully initialized the CIS fall replicated folder at the path. The member has completed initial synchronization of CIS fall with partner DC one. And it says to check for the CIS fall folder, we run the net share command and that confirms that we do have CIS fall and net log on shares. And if we go back to file explorer, we see now that there are 10 folders containing GP template files that also confirms that the CIS data has replicated from DC. One.
If we go back to DC one, we can compare those folders and confirm that they are the same. So that once again was a non authoritative sync of cisl data using DFS R. My name is David and I'm a principal engineer at Dell.
Thank you for watching.
