

Server 2003 AD missing SYSVOL and NETLOGON shares

Posted on 2010-09-06
Medium Priority
Last Modified: 2012-05-10
We had 2 domain controllers, both Server 2003 that I had thought were replicating properly.  The GC master domain controller died a few hours ago (RAID array completely hosed) so I moved the 5 roles to the other DC and made it the GC master.  I can go into Users and Computers and also Sites and everything looks good.  DNS is good.  Problem is there is no NETLOGON share and SYSVOL is pretty much empty so AD isn't really working.  What are my options here?  I have a System State backup from the dead server from a while ago but I could get that one back online (re-install Windows) and try to recover it.  If I can get it back on that server, how do I move it to the new server since I don't think it will replicate in the state it is in?  Are there any other options?
Question by:DDassow01

Accepted Solution

aZLAn2000 earned 2000 total points
ID: 33615274
If you are going to restore that server and it's an old backup I recommend that you leave it alone. It will take part of your domain to that time which may give you unexpected results. Anyhow. You must start a new Windows server and then break it at startup (F8) and choose to start it in Active Directory recovery mode and then restore the whole server including system state to it.

I've also had the problem with NETLOGON once and it's some hairy stuff. Please take a look at this knowledge base article.

Good luck!
LVL 11

Expert Comment

ID: 33615607

Author Comment

ID: 33617345
Thanks for the responses guys.  My big problem is that there is now only one DC and it is the one missing those shares so even setting the BurFlags flag it won't be able to replicate with anything.  I may be better off just removing AD from the working server and setting it up again.  We are a very small school (80 users and 25 computers).  That may be the fastest route here to just start it over.  I was hoping there was maybe a trick to merge the old System State restore with the running server's broken AD to get it working but I think even if that works it will take us back to sometime last year and I'll have to create a bunch of users anyhow.

LVL 31

Expert Comment

by:Justin Owens
ID: 33619904
You CAN rebuild your SYSVOL folder, as is outlined in the KB that aZLAn2000 posted.  Don't bring your old DC back online if you have seized or moved your FSMO roles to your other DC.  Wipe it and remove it from AD completely (check metadata to make sure it is really gone).  It would be better to rename it, honestly.  Then you can build a member server, join the domain, and promote it back to a DC.  If you want, you can then move your FSMO roles back over to it.  

Honestly, starting over is probably NOT your fastest route....


Author Comment

ID: 33620517
Here are some new developments ...

I was able to get the original server back up.  I deleted the Array and recreated it but didn't initialize it.  I was then able to at least boot it into Windows.  One of the drives is dead so it isn't Optimal but it is running.  I now at least have a good working backup and will get another domain controller setup and make sure that everything is replicating.  I took the other server that was missing the shares down before bringing the other one online so as not to confuse everything since I seized the roles from it.  Looks like it is ok for now assuming that I can get another DC up and replicating properly.  Thanks for the help.

Author Comment

ID: 33623486
One final update.  Got a second domain controller up and running and it also wouldn't create the sysvol share.  I had to set BurFlags to D4 on the main DC and set it to D2 on the new DC and then it successfully created the shares and completed the replication.
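
The BurFlags procedure described in the comment above, as an added example that is not part of the original thread: a cmd script for a Server 2003 DC that sets the flag for an authoritative (D4) or non-authoritative (D2) FRS restore and then checks for the two shares. The script name and the registry path (the standard NtFrs location, which the thread does not quote) are assumptions here.

```batch
@echo off
rem Added example, not from the thread. Run on the DC itself as an administrator.
rem   frs-burflags.cmd D4     authoritative restore (DC whose SYSVOL content is kept)
rem   frs-burflags.cmd D2     non-authoritative restore (DC that re-syncs from a partner)
rem   frs-burflags.cmd CHECK  report whether SYSVOL and NETLOGON are shared
setlocal
rem Assumed path: the standard NtFrs BurFlags location (key name contains "/" and spaces).
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"
set "VAL="
rem reg.exe is given decimal values here: 0xD4 = 212, 0xD2 = 210.
if /i "%~1"=="D4" set "VAL=212"
if /i "%~1"=="D2" set "VAL=210"
if /i "%~1"=="CHECK" goto check
if not defined VAL (
  echo Usage: %~nx0 D4 ^| D2 ^| CHECK
  exit /b 2
)

rem FRS reads BurFlags only at service start, so stop it before writing the value.
net stop ntfrs
reg add "%KEY%" /v BurFlags /t REG_DWORD /d %VAL% /f
if errorlevel 1 (
  echo Could not write BurFlags; FRS left stopped.
  exit /b 1
)
net start ntfrs
echo BurFlags set to 0x%~1. Wait for event 13516 in the File Replication Service
echo log, then run: %~nx0 CHECK
exit /b 0

:check
rem "net share NAME" returns a non-zero exit code when the share does not exist.
set MISSING=0
for %%S in (SYSVOL NETLOGON) do (
  net share %%S >nul 2>&1
  if errorlevel 1 (
    echo MISSING share: %%S
    set MISSING=1
  ) else (
    echo OK share: %%S
  )
)
exit /b %MISSING%
```

The CHECK mode exits non-zero while either share is missing, so it can be re-run until FRS has finished initialising SYSVOL.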

Expert Comment

ID: 33624720
Strange behavior. Maybe something is still corrupted on your domain. I recommend that you - in the future - fully update your Windows servers before you promote them. It might be some sort of bug you hit if you don't do the update first. If you did update them first this is probably going to haunt you forever - or until you migrate to Windows 2008R2+.

Thanks for keeping us updated on the matter.
