piszczynski>Aleks |
piszczynski>Aleks No edit summary |
||
Line 13: | Line 13: | ||
Check for any DNS issues for entries associated with the Domain Controllers. | Check for any DNS issues for entries associated with the Domain Controllers. | ||
== Sysvol Replication Issues == | |||
If there are issues with domain replication use the following tools to diagnose: | |||
*dcdiag - will provide fill diagnostics on the domain controllers use /c to do all tests (dcdiag /c) | |||
*repadmin - will provide details on replication between domain controllers - use eg : repadmin /replsummary | |||
== DFSR configuration Rebuild == | |||
Use this process to rebuild the sysvol replication group without demoting and promoting domain controllers | |||
To check if this is required look in ADSIedit.msc for the entries for the domain controllers, if they do not have the CN=DFSR-Localsettings in the AD object then it is likely there is no DFSR config. | |||
1: Take backups | |||
2: Shut down DFSR services on all domain controllers | |||
3: On the Domain controller with PDCEmulator FSMO role enter the following Reg keys: | |||
---- | |||
<pre> | |||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols] | |||
Information Is Committed=dword:00000001 | |||
</pre> | |||
---- | |||
<pre> | |||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols\<Yourdomain>] | |||
Is Primary=dword:00000001 | |||
Command=DcPromo Parent Computer="" (entry is blank) | |||
Replicated Folder Name=<yourdomain> | |||
Replicated Folder Root=C:\Windows\SYSVOL\Domain Replicated | |||
Folder Root Set=C:\Windows\SYSVOL\sysvol\<yourdomain> | |||
Replicated Folder Stage=C:\Windows\SYSVOL\staging areas\<yourdomain> | |||
Replication Group Name=<yourdomain> | |||
Replication Group Type=Domain" | |||
</pre> | |||
Make sure "is primary" is only = 1 on the PDC emulator DC | |||
---- | |||
4:Start DFSR on PDCEmulator domain controller CN=Domain System Volume will be recreated under CN=Dfsr-GlobalSettings,CN=System,DC=<DOMAIN> All created registry keys and values will be deleted DFSR Event 4602 will be written on the PDCE | |||
5:Create the following Reg keys on the other writable domain controllers(not RODC): | |||
---- | |||
<pre> | |||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols] | |||
Information Is Committed=dword:00000001 | |||
</pre> | |||
---- | |||
<pre> | |||
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols\<Yourdomain>] | |||
Is Primary=dword:00000000 | |||
Command=DcPromo Parent Computer="DC01.yourdomain" (point to FQDN of PDC emulator DC - the previously configured one) | |||
Replicated Folder Name=<yourdomain> | |||
Replicated Folder Root=C:\Windows\SYSVOL\Domain Replicated | |||
Folder Root Set=C:\Windows\SYSVOL\sysvol\<yourdomain> | |||
Replicated Folder Stage=C:\Windows\SYSVOL\staging areas\<yourdomain> | |||
Replication Group Name=<yourdomain> | |||
Replication Group Type=Domain" | |||
</pre> | |||
---- | |||
6: Start DFSR server on other domain controllers - CN=Domain System Volume will be recreated under CN=Dfsr-GlobalSettings,CN=System,DC=<DOMAIN> All created registry keys and values will be deleted DFSR Event 4614, 6805, and 4804 will be written when the server is replicating SYSVOL successfully Be Patient, it might take few minutes before replication starts |
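Review bot: the value names in the second <pre> block of steps 3 and 5 are split in the wrong places, so anyone copying them line by line will create the wrong registry values. "Command=DcPromo" and "Parent Computer=..." share one line, and "Replicated Folder Root=C:\Windows\SYSVOL\Domain Replicated" followed by "Folder Root Set=..." moves the word "Replicated" from the start of the next name onto the end of the path. Put each value on its own line ("Command", "Parent Computer", "Replicated Folder Root", "Replicated Folder Root Set") and drop the stray trailing quote in "Replication Group Type=Domain"". Steps 4 and 6 also run the action and its three expected results together without punctuation, so list the outcomes separately, and "fill diagnostics" in the dcdiag bullet should read "full diagnostics".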
Revision as of 17:43, 8 July 2022
Domain Controller Info
Replication between domain controllers can be tested with the "repadmin" command:
- repadmin /replsummary (Identifies domain controllers that are failing inbound replication or outbound replication, and summarizes the results in a report.)
Get detailed info on domain controller status:
- dcdiag /v /c /e | out-file C:\temp\dctest.txt
Domain Controller Troubleshooting
If there is an issue with creating group policy there may be an issue with the sysvol directory. Check for replication issues and any changes to the permissions that might have occurred.
Check for any DNS issues for entries associated with the Domain Controllers.
Sysvol Replication Issues
If there are issues with domain replication, use the following tools to diagnose them:
- dcdiag - provides full diagnostics on the domain controllers; use /c to run all tests (dcdiag /c)
- repadmin - provides details on replication between domain controllers, e.g. repadmin /replsummary
DFSR configuration Rebuild
Use this process to rebuild the SYSVOL replication group without demoting and re-promoting domain controllers.
To check whether this is required, look in ADSIedit.msc at the entries for the domain controllers. If a domain controller's AD object does not contain CN=DFSR-LocalSettings, it is likely there is no DFSR config.
1: Take backups
2: Shut down DFSR services on all domain controllers
3: On the domain controller holding the PDC emulator FSMO role, enter the following registry keys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols]
Information Is Committed=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols\<Yourdomain>]
Is Primary=dword:00000001
Command=DcPromo
Parent Computer="" (entry is blank)
Replicated Folder Name=<yourdomain>
Replicated Folder Root=C:\Windows\SYSVOL\Domain
Replicated Folder Root Set=C:\Windows\SYSVOL\sysvol\<yourdomain>
Replicated Folder Stage=C:\Windows\SYSVOL\staging areas\<yourdomain>
Replication Group Name=<yourdomain>
Replication Group Type=Domain

Make sure "Is Primary" is set to 1 only on the PDC emulator DC.
4: Start DFSR on the PDC emulator domain controller.
- CN=Domain System Volume will be recreated under CN=Dfsr-GlobalSettings,CN=System,DC=<DOMAIN>
- All created registry keys and values will be deleted
- DFSR Event 4602 will be written on the PDCE
5: Create the following registry keys on the other writable domain controllers (not RODCs):

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols]
Information Is Committed=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols\<Yourdomain>]
Is Primary=dword:00000000
Command=DcPromo
Parent Computer="DC01.yourdomain" (point to FQDN of PDC emulator DC - the previously configured one)
Replicated Folder Name=<yourdomain>
Replicated Folder Root=C:\Windows\SYSVOL\Domain
Replicated Folder Root Set=C:\Windows\SYSVOL\sysvol\<yourdomain>
Replicated Folder Stage=C:\Windows\SYSVOL\staging areas\<yourdomain>
Replication Group Name=<yourdomain>
Replication Group Type=Domain

6: Start the DFSR service on the other domain controllers.
- CN=Domain System Volume will be recreated under CN=Dfsr-GlobalSettings,CN=System,DC=<DOMAIN>
- All created registry keys and values will be deleted
- DFSR Events 4614, 6805, and 4804 will be written when the server is replicating SYSVOL successfully
Be patient, it might take a few minutes before replication starts.
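The checks this procedure relies on can be scripted. The following is an added example, not part of the original page: a read-only PowerShell sketch that reports which domain controllers lack CN=DFSR-LocalSettings, whether CN=Domain System Volume exists, and which of the event IDs named in steps 4 and 6 have been logged. It assumes the ActiveDirectory (RSAT) module, the "DFS Replication" event log, remote event log access to each DC, and a two-hour look-back window chosen for illustration.

```powershell
# Added example: read-only checks before and after the DFSR SYSVOL rebuild.
# Assumes the ActiveDirectory module and rights to read each DC's event log.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter *

# Pre-check: a DC whose computer object has no CN=DFSR-LocalSettings child
# most likely has no DFSR configuration (the condition described above).
$report = foreach ($dc in $dcs) {
    $local = Get-ADObject -SearchBase $dc.ComputerObjectDN -SearchScope OneLevel `
                 -LDAPFilter '(cn=DFSR-LocalSettings)'
    [pscustomobject]@{
        DC                   = $dc.HostName
        IsPDCEmulator        = ($dc.OperationMasterRoles -contains 'PDCEmulator')
        ReadOnly             = $dc.IsReadOnly
        HasDfsrLocalSettings = [bool]$local
    }
}
$report | Format-Table -AutoSize

# "Is Primary" = 1 belongs on exactly one DC: the PDC emulator.
"PDC emulator for $($domain.DNSRoot): $($domain.PDCEmulator)"

# Steps 4 and 6: CN=Domain System Volume should be recreated here.
$globalDn = "CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System," +
            $domain.DistinguishedName
try   { Get-ADObject -Identity $globalDn | Out-Null; "Found:   $globalDn" }
catch { "Missing: $globalDn" }

# Post-check: event IDs as listed on the page (4602 on the PDCE;
# 4614, 6805 and 4804 on the other DCs once SYSVOL is replicating).
$expectedIds = 4602, 4614, 6805, 4804
$since       = (Get-Date).AddHours(-2)   # look-back window is an assumption
foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'DFS Replication'; Id = $expectedIds; StartTime = $since } |
        Sort-Object TimeCreated |
        Select-Object @{ n = 'DC'; e = { $dc.HostName } }, TimeCreated, Id
}
```

A DC that produces no rows in the last section has either not logged the expected events yet or could not be queried remotely.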