Lopes Cloud
Linkedin X (Twitter)

[ACTIVE DIRECTORY] – SYSVOL and NETLOGON not syncing

SYSVOL and NETLOGON folders weren’t syncing between domain controllers or the folders did not exist at the secondary DC.

If you have this issue, users that authenticate at the DC that don´t have the data of SYSVOL and NETLOGON will not receive the GPO policy and will receive errors when you run the GPUPDATE command.

To fix the sync between DC follow the instructions below:

  1. Logon to your primary Domain Controller and Stop the DFS Replication service.
    START->ADMINISTRATIVE TOOLS -> SERVICES
  2. Open ADSI EDIT and connect to the Default Naming Context

  3. Expand ADSIEDT until the CN=SYSVOL Subscription of the Primary Domain Controller
    CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=PRIMARY-DOMAIN-CONTROLLER,OU=Domain Controllers,DC=DOMAIN.LOCAL
  4. Edit the attribute of the two entries:
    1. msDFSR-Enabled=FALSE

    2. msDFSR-options=
  5. Now access the secondary DC (or others that you may have) and change from ADSIEDIT (steps 2-4):
    CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=SECONDARY-DOMAIN-CONTROLLER,OU=Domain Controllers,DC=DOMAIN.LOCAL
    1. msDFSR-Enabled=False
  6. Back to the Primary Domain Controller, open PowerShell as admin, and force the replication with the command bellow 
    repadmin /syncall PRIMARY-DC-NAME /APed

    Be sure the command terminates with no errors

  7. Start DFS Replication service back on Primary Domain Controller
  8. Now open Eventvwr and check the DFS Replication event with ID 4114
  9. From Primary Domain Controller, open again ADSIT and change the msDFSR-Enabled to TRUE
    CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=PRIMARY-DOMAIN-CONTROLLER,OU=Domain Controllers,DC=DOMAIN.LOCAL

  10. Open Command one more time and run 
    DFSRDIAG POLLAD

  11. REPEAT STEP 6
    Back to the Primary Domain Controller, open PowerShell as admin, and force the replication with the command bellow 
    repadmin /syncall PRIMARY-DC-NAME /APed
  12. Open Eventvwr and check the DFS Replication event with ID 4602 (it could take some time to show up)
  13. Now access the secondary DC (or others that you may have) and change from ADSIEDIT (steps 2-4):
    CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=SECONDARY-DOMAIN-CONTROLLER,OU=Domain Controllers,DC=DOMAIN.LOCAL
    1. msDFSR-Enabled=True
       
  14. Open Command one more time and run 
    DFSRDIAG POLLAD

  15. Wait a few minutes and access each DC:
    1. Access the \\localhost
      1. You should see NETLOGON and SYSVOL folder
    2. Access Eventvwr you should see event ID 4114

Compartilhe:

Bruno Lopes

Bruno Lopes

Hey there! I'm Bruno Lopes a consultant based in São Paulo, Brazil. I have been working in the IT industry for over 18+ years and have worked in a variety of roles, from helpdesk to systems administration and now as a cloud consultant. I worked in all aspects of Microsoft technology from end-user computing to on-premises data centers but now I spend all my time working with Microsoft Azure and Microsoft 365, deploying and automating solutions for customers across a wide range of industries. When I'm not focusing on IT, I enjoy music and reading, spending as much time as possible with my wife and daughter.

Continue lendo...

[AWS] – AZURE AD SSO – ENTERPRISE APPLICATION

This guide outlines setting up Azure AD SSO with AWS, streamlining access management for enterprise applications.
Leia mais

[MICROSOFT 365] – FORCE AD USER SYNC WITH ENTRA ID

Issue: Facing synchronization challenges with Active Directory (AD) users in Microsoft Entra ID (formerly known as Azure AD)? You’re not alone. It’s a common scenario where AD users fail to

Leia mais

[MICROSOFT SQL] – CHANGE DB OWNER

Change Microsoft SQL database owner with ALTER DATABASE and ALTER AUTHORIZATION commands for streamlined ownership management.
Leia mais

[HYPER-V] – KILL VM PROCESS

To kill a VM process follow the steps below: Open POWERSHELL as administrator:

Leia mais