Improve company productivity with a Business Account.Sign Up


Server 2003 AD missing SYSVOL and NETLOGON shares

Posted on 2010-09-06
Medium Priority
Last Modified: 2012-05-10
We had 2 domain controllers, both Server 2003 that I had thought were replicating properly.  The GC master domain controller died a few hours ago (raid array completely hosed) so I moved the 5 roles to the other DC and made it the GC master.  I can go into Users and Computers and also Sites and everything looks good.  DNS is good.  Problem is there is no NETLOGON share and SYSVOL is pretty much empty so AD isn't really working.  What are my options here?  I have a System State backup form the dead server from a while ago but I could get that one back online (re-install Windows) and try to recover it.  If I can get it back on that server, how do I move it to the new server since I don't think it will replicate in the state it is in?  Are there any other options?
Question by:DDassow01

Accepted Solution

aZLAn2000 earned 2000 total points
ID: 33615274
If you are going to restore that server and its and old backup I recommend that you leave it alone. It will take part of your domain to that time which may give you unexpected results. Anyhow. You must start a new Windows server and then break it at startup (F8) and choose to start it in Active Directory recovery mode and then restore the whole server including system state to it.

I've also had the problem with NETLOGON once and its some hairy stuff. Please take a look at this knowledge base article.

Good luck!
LVL 11

Expert Comment

ID: 33615607

Author Comment

ID: 33617345
Thanks for the responses guys.  My big problem is that there is now only one DC and it is the one missing those shares so even setting the Burr flag it won't be able to replicate with anything.  I may be better off just removing AD from the working server and setting it up again.  We are a very small school (80 users and 25 computers).  That may be the fastest route here to just start it over.  I was hoping there was maybe a trick to merge the old System State restore with the running server's broken AD to get it working but I think even if that works it will take us back to sometime last year and I'll have to create a bunch of users anyhow.
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

LVL 31

Expert Comment

by:Justin Owens
ID: 33619904
You CAN rebuild your SYSVOL folder, as is outlined in the KB that aZLAn2000 posted.  Don't bring your old DC back online if you have seized or moved your FSMO roles to your other DC.  Wipe it and remove it from AD completely (check metadata to make sure it is really gone).  It would be better to rename it, honestly.  Then you can build a member server, join the domain, and promote it back to a DC.  If you want, you can then move your FSMO roles back over to it.  

Honestly, starting over is probably NOT your fastest route....


Author Comment

ID: 33620517
Here are some new developments ...

I was able to get the original server back up.  I deleted the Array and recreated it but didn't initialize it.  I was then able to at least boot it into Windows.  One of the drives is dead so it isn't Optimal but it is running.  I now at least have a good working backup and will get another domain controller setup and make sure that everything is replicating.  I took the other server that was missing the shares down before bringing the other one online so as not to confuse everything since I seized the roles from it.  Looks like it is ok for now assuming that I can get another DC up and replicating properly.  Thanks for the help.

Author Comment

ID: 33623486
One final update.  Got a second domain controller up and running and it also wouldn't create the sysvol share.  I had to set the Burflag to D4 on the main DC and set it to D2 on the new DC and then it successfully created the shares and completed the replication.

Expert Comment

ID: 33624720
Strange behavior. Maybe something is still corrupted on your domain. I recommend that you - in the future - fully update your Windows servers before you promote them. It might be some sort of bug you hit if you don't do the update first. If you did update them first this is probably going to hunt you forever - or until you migrate to Windows 2008R2+.

Thanks for keeping os updated on the matter.

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question