Migrating SYSVOL AD Replication from FRS to DFS in Windows Server 2016 and 2019
*Windows Server 2016 and 2019 Do Not Support FRS for SYSVOL Replication*
The SYSVOL folder on any Active Directory domain controller stores Group Policies settings and templates, scripts, and other objects that the AD or GPO administrator placed there. And each domain controller has its own copy of GPOs, which over time is synchronized with other domain controllers in the domain. Replication is used to synchronize the contents of the SYSVOL directory between DCs, and replication is not provided by AD, but by using NtFRS (File Replication Service) or DFS-R service.
Windows Server 2008 R2 onwards Microsoft recommends using DFS replication instead of FRS, because FRS is not a reliable file replication technology. In addition, you cannot add a new DC with Windows Server 2016 to the domain that the FRS service uses for replication of SYSVOL:
We will use the AD for Windows PowerShell module:
import-module activedirectoryFirst you need to check what type of replication is used in your domain. Check the current status with the command:
dfsrmig /getglobalstateIf this command returns “DFSR migration has not yet initialized. To start migration please set global state to desired value”, this means that the FRS to DFS migration has not yet been performed.
Otherwise, a message will appear: “The current domain functional level is not Windows Server 2008 or above. DFSRMig is only supported on Windows Server 2008 or above level domains”. This means that you first need to upgrade your AD domain functional level to Windows Server 2008 or higher.
After you update the domain functional level, force a full replication of Active Directory partitions on each domain controllers using the Repadmin tool.
Repadmin /syncall /force /Aped
Check the replication and sysvol directory status to make sure replication completed successfully
repadmin /showrepl
The migration process of replicating SYSVOL to DFS consists of 4 stages:
State 0: Start
State 1: Prepared
State 2: Redirected
State 3: Eliminated
Now let’s move on to the first phase of migration (global state: Prepared). Run the command:
dfsrmig /setGlobalState 1And check the status of the domain controllers. All DC must be in Prepared state:
dfsrmig /getmigrationstate
After that, we proceed to the second phase—Redirected.
dfsrmig /setGlobalState 2
Similarly, make sure that all DCs are in the Redirected state with the command:
dfsrmig /getmigrationstateNow go to the third phase—Eliminated (Warning. This state can not be canceled!).
dfsrmig /setGlobalState 3
Check the status with the command:
dfsrmig /getmigrationstateWait until the following text appears in the results:
All Domain Controllers have migrated successfully to Global state (‘Eliminated’).
Migration has reached a consistent state on all Domain Controllers.
Succeeded.
As a result, the SYSVOL directory will be migrated to the SYSVOL_DFSR folder. Now for replication SYSVOL used the DFS service.
Verify it using the command
net share
Check replication status with the Dcdiag:
Dcdiag /e /test:sysvolcheck
You can also check the replication settings and status using DFS management GUI
Also make sure in each domain controller FRS service is stopped and disabled.
