How to Perform a Non-Authoritative Sync of SYSVOL Data Using Distributed File System Replication (DFSR)

Summary: This article illustrates the procedure for performing a non-authoritative sync of SYSVOL data on an Active Directory domain controller using Distributed File System Replication (DFSR).

Instructions

Important: This article is only applicable if SYSVOL data is being replicated using Distributed File System Replication (DFSR). This has been the preferred method of replicating SYSVOL data since Windows Server 2008. It is possible, however, that the older method, File Replication System (FRS), is still in use if the domain has existed for a long time. To determine whether DFSR is in use, run dfsrmig /getmigrationstate from an elevated command prompt on a domain controller (DC). If the migration state is "Eliminated," DFSR is in use.

The SYSVOL folder hierarchy, present on all Active Directory domain controllers, is used to store two important sets of data:
  • Group Policy template files: These are stored in separate folders beneath \\SYSVOL\<domain>\Policies.
  • Logon, logoff, startup, and shutdown scripts used by machines in the domain: These are stored in \\SYSVOL\<domain>\scripts. The scripts folder is itself shared as NETLOGON.
This data is replicated among domain controllers, but SYSVOL replication takes place separately from Active Directory replication. It is possible for one to fail while the other is fully functional. In some situations, SYSVOL replication may fail and be unable to resume without manual intervention. The following steps perform a non-authoritative sync of SYSVOL. In a non-authoritative sync, the target DC copies all the SYSVOL data from another DC in the environment.

Important: In a single-DC domain, a non-authoritative sync can never succeed, since no other copy of the SYSVOL data exists. In that situation, an authoritative sync should be performed instead. Instructions for performing an authoritative sync can be found in How to Perform an Authoritative Sync of SYSVOL Data Using Distributed File System Replication (DFSR).

Before beginning this procedure, ensure that another DC exists in the environment and that its copy of the SYSVOL data is up to date. This involves browsing the SYSVOL folder hierarchy (located by default at %systemroot%\SYSVOL) to check the modified dates of Group Policy template files and script files.

To perform a non-authoritative sync of SYSVOL data using DFSR, follow these steps:

Note: For simplicity, the DC that is undergoing the non-authoritative sync is called the target DC in the steps below.
  1. On a DC, launch the ADSI Edit console (adsiedit.msc).
  2. If Default naming context is already listed in the left pane, go to the next step. Otherwise, perform the following steps to connect to the default naming context:
    1. Right-click the ADSI Edit header in the left pane and select Connect to...
    2. Select the radio button labeled Select a well known Naming Context and select Default naming context from the dropdown list.
    3. Click OK. Default naming context should now appear in the left pane of the console.
  3. Under the default naming context, browse to DC=domain > OU=Domain Controllers > CN=servername > CN=DFSR-LocalSettings > CN=Domain System Volume. In this step, servername represents the name of the target DC.
  4. Right-click CN=SYSVOL Subscription and select Properties.
  5. Double-click the msDFSR-Enabled attribute and set its value to FALSE.
  6. Click OK to close the properties window, but leave the ADSI Edit console open.
  7. This step is not needed if ADSI Edit was launched on the target DC. Force Active Directory replication domain-wide. This may take some time, depending on the size and replication topology of the domain.
  8. On the target DC, run dfsrdiag pollad from an elevated command prompt.
  9. On the target DC, launch Event Viewer and confirm that the DFS Replication event log contains event 4114. This event indicates that SYSVOL is no longer being replicated.
  10. In ADSI Edit, double-click the msDFSR-Enabled attribute from step 5 and set its value to TRUE.
  11. This step is not needed if ADSI Edit was launched on the target DC. Force Active Directory replication domain-wide.
  12. On the target DC, run dfsrdiag pollad from an elevated command prompt.
  13. On the target DC, confirm that events 4614 and 4604 appear in the DFS Replication event log. These events indicate that this DC has performed a non-authoritative sync of SYSVOL.
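
The same sequence can be scripted. The PowerShell below is an added example, not part of the original article; it assumes it is run elevated on the target DC, that the ActiveDirectory module is installed, and that the DC's computer object sits in the default Domain Controllers OU. The helper name Wait-DfsrEvent and the timeout values are hypothetical.

```powershell
# Added example: non-authoritative SYSVOL sync, scripted from the steps above.
# Assumptions: elevated session on the target DC, ActiveDirectory module present.
Import-Module ActiveDirectory

$targetDc = $env:COMPUTERNAME                      # DC undergoing the sync
$domainDn = (Get-ADDomain).DistinguishedName
$subDn    = "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings," +
            "CN=$targetDc,OU=Domain Controllers,$domainDn"

# A non-authoritative sync needs another DC to copy SYSVOL from.
if (@(Get-ADDomainController -Filter *).Count -lt 2) {
    throw 'Single-DC domain: perform an authoritative sync instead.'
}

# Hypothetical helper: poll the DFS Replication log until every listed
# event ID has been logged after $After, or fail on timeout.
function Wait-DfsrEvent {
    param([int[]]$Id, [datetime]$After, [int]$TimeoutSec = 900)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $seen = @(Get-WinEvent -FilterHashtable @{
                    LogName = 'DFS Replication'; Id = $Id; StartTime = $After
                } -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Id -Unique)
        if ($seen.Count -eq $Id.Count) { return }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    throw "Timed out waiting for DFS Replication event(s) $($Id -join ', ')."
}

# Steps 3-9: disable the subscription and wait for event 4114.
# The write goes to the target DC itself, so steps 7 and 11 are not needed.
$mark = Get-Date
Set-ADObject -Identity $subDn -Server $targetDc -Replace @{ 'msDFSR-Enabled' = $false }
dfsrdiag pollad
Wait-DfsrEvent -Id 4114 -After $mark

# Steps 10-13: re-enable the subscription and wait for events 4614 and 4604.
$mark = Get-Date
Set-ADObject -Identity $subDn -Server $targetDc -Replace @{ 'msDFSR-Enabled' = $true }
dfsrdiag pollad
Wait-DfsrEvent -Id 4614, 4604 -After $mark
Write-Output "Non-authoritative SYSVOL sync completed on $targetDc."
```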

Additional Information

If the dfsrdiag pollad command is not recognized, you have two options:
  • Restart the DFS Replication service instead of running the command. If other (non-SYSVOL) data is replicated by DFSR, this may cause brief interruptions.
  • Install the DFS Management tools by selecting Add Roles and Features from the Manage menu of Server Manager. The DFS Management tools are found at the location shown below.
[Image: location of the DFS Management tools in the Add Roles and Features wizard]

Affected Products

Microsoft Windows Server 2016, Microsoft Windows Server 2019, Microsoft Windows Server 2022, Microsoft Windows 2008 Server R2, Microsoft Windows 2012 Server, Microsoft Windows 2012 Server R2
Article Properties
Article Number: 000207437
Article Type: How To
Last Modified: 22 Feb 2024
Version:  5