Have YOU not had the situation where:

  • You needed to do a non-auth. restore of AD and the SYSVOL on a DC
    OR
  • You needed to do a non-auth. of the SYSVOL (BurFlags=D2) on a DC
    AND
  • That DC was across a site link at another location
    AND
  • No other DC was available at that other location
    AND
  • The schedule for the site link was very tight
    AND
  • The replication window did not start for several hours
    AND
  • The SYSVOL was empty and the DC did not make the SYSVOL available, because it was waiting for replication to occur
    AND
  • Your users were complaining all over the place because authentication went over the wire and things were too slow
    AND
  • You started pulling your hair out
    AND
  • You needed a beer, but you got none because you were still working (ain't that a ***! ;-)) )
    AND
  • .....etc....etc...etc..

Worry no more!

Right after the non-auth. restore AND the reboot of the DC (IF applicable)

  • Stop the NTFRS service
    • Open Command Prompt
    • NET STOP NTFRS
  • Execute the CMD file mentioned below
    • SYSVOL_Seeding_1_CONFIG.CMD (contents - copy/paste - enter own information!!!!)
      • REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol Seeding\Domain System Volume (SYSVOL share)"
      • REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol Seeding\Domain System Volume (SYSVOL share)" /v "Replica Set Parent" /t REG_SZ /d <FQDN DC WITH HEALTHY SYSVOL THAT IS ALSO USED AS AN INBOUND REPLICATION PARTNER IN SOME CONNECTION OBJECT> /f
    • REMARK:
      • <FQDN SOME DC WITH HEALTHY SYSVOL> is the upstream partner (e.g. DC.DOMAIN.LOCAL) that is used to source the SYSVOL from if the registry IS specified
  • Start the NTFRS service
    • Open Command Prompt
    • NET START NTFRS
  • Execute the CMD file mentioned below
    • SYSVOL_Seeding_2_REMOVAL.CMD (contents - copy/paste!!!!)
      • REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol Seeding\Domain System Volume (SYSVOL share)" /v "Replica Set Parent" /f
      • REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol Seeding\Domain System Volume (SYSVOL share)" /f
        • REG DELETE "HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\SysVol Seeding\Domain System Volume (SYSVOL share)" /f
  • Go to the SYSVOL location (NET SHARE to find out where)
  • See if the "Policies" and "Scripts" folder appear
  • See if the DC advertises itself again (FRS log)
    • --> Event ID 13565 and 13516 in the "File Replication Service Event Log"
  • Go get that beer! ;-) (as soon as you are home of course!)

More information:

Jorge

---------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
---------------------------------------------------------------------------------------