Server 2003 AD missing SYSVOL and NETLOGON shares

Posted on 2010-09-06
Last Modified: 2012-05-10
We had 2 domain controllers, both Server 2003 that I had thought were replicating properly.  The GC master domain controller died a few hours ago (RAID array completely hosed) so I moved the 5 roles to the other DC and made it the GC master.  I can go into Users and Computers and also Sites and everything looks good.  DNS is good.  Problem is there is no NETLOGON share and SYSVOL is pretty much empty so AD isn't really working.  What are my options here?  I have a System State backup from the dead server from a while ago but I could get that one back online (re-install Windows) and try to recover it.  If I can get it back on that server, how do I move it to the new server since I don't think it will replicate in the state it is in?  Are there any other options?
Question by:DDassow01

Accepted Solution

aZLAn2000 earned 500 total points
ID: 33615274
If you are going to restore that server and it's an old backup, I recommend that you leave it alone. It will take part of your domain to that time, which may give you unexpected results. Anyhow, you must start a new Windows server and then break it at startup (F8) and choose to start it in Active Directory recovery mode and then restore the whole server including system state to it.

I've also had the problem with NETLOGON once and it's some hairy stuff. Please take a look at this knowledge base article.

Good luck!
LVL 11

Expert Comment

ID: 33615607

Author Comment

ID: 33617345
Thanks for the responses guys.  My big problem is that there is now only one DC and it is the one missing those shares so even setting the BurFlags flag it won't be able to replicate with anything.  I may be better off just removing AD from the working server and setting it up again.  We are a very small school (80 users and 25 computers).  That may be the fastest route here to just start it over.  I was hoping there was maybe a trick to merge the old System State restore with the running server's broken AD to get it working but I think even if that works it will take us back to sometime last year and I'll have to create a bunch of users anyhow.

LVL 31

Expert Comment

by:Justin Owens
ID: 33619904
You CAN rebuild your SYSVOL folder, as is outlined in the KB that aZLAn2000 posted.  Don't bring your old DC back online if you have seized or moved your FSMO roles to your other DC.  Wipe it and remove it from AD completely (check metadata to make sure it is really gone).  It would be better to rename it, honestly.  Then you can build a member server, join the domain, and promote it back to a DC.  If you want, you can then move your FSMO roles back over to it.  

Honestly, starting over is probably NOT your fastest route....


Author Comment

ID: 33620517
Here are some new developments ...

I was able to get the original server back up.  I deleted the Array and recreated it but didn't initialize it.  I was then able to at least boot it into Windows.  One of the drives is dead so it isn't Optimal but it is running.  I now at least have a good working backup and will get another domain controller set up and make sure that everything is replicating.  I took the other server that was missing the shares down before bringing the other one online so as not to confuse everything since I seized the roles from it.  Looks like it is ok for now assuming that I can get another DC up and replicating properly.  Thanks for the help.

Author Comment

ID: 33623486
One final update.  Got a second domain controller up and running and it also wouldn't create the sysvol share.  I had to set the BurFlags to D4 on the main DC and set it to D2 on the new DC and then it successfully created the shares and completed the replication.
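
The BurFlags step described in the update above, written out as a command script (an added example, not part of the original thread). It assumes the standard NTFRS registry location for BurFlags and a hypothetical script name `frs-burflags.cmd`; run it with `D4` on the one DC whose SYSVOL content is to be kept, then with `D2` on each DC that should re-sync from it.

```batch
@echo off
rem Added example: set the NTFRS BurFlags value and restart FRS so SYSVOL
rem and NETLOGON are rebuilt. Script name and usage are hypothetical.
rem   frs-burflags.cmd D4   authoritative: only on the DC with the good SYSVOL
rem   frs-burflags.cmd D2   non-authoritative: on every other DC, afterwards
rem Copy the SYSVOL tree somewhere safe before running this on any DC.
setlocal

set "FLAG=%~1"
if /i "%FLAG%"=="D4" goto ok
if /i "%FLAG%"=="D2" goto ok
echo Usage: %~nx0 D4^|D2
exit /b 1

:ok
rem Standard FRS location for BurFlags (note the forward slash in the key name).
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

rem FRS reads BurFlags only when the service starts, so stop it first.
net stop ntfrs

reg add "%KEY%" /v BurFlags /t REG_DWORD /d 0x%FLAG% /f
if errorlevel 1 (
    echo Failed to write BurFlags. Run from an administrator prompt.
    exit /b 1
)

net start ntfrs

rem FRS resets BurFlags to 0 once it has acted on the value.
reg query "%KEY%" /v BurFlags

rem The shares are published only after FRS finishes initializing SYSVOL.
net share | findstr /i "SYSVOL NETLOGON"
if errorlevel 1 (
    echo SYSVOL/NETLOGON not shared yet.
    echo Watch the File Replication Service event log for event 13516.
)

endlocal
```

Setting `D4` on more than one DC gives replication two competing authoritative copies, so use it on exactly one server and wait for its shares to appear before running `D2` elsewhere.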

Expert Comment

ID: 33624720
Strange behavior. Maybe something is still corrupted on your domain. I recommend that you - in the future - fully update your Windows servers before you promote them. It might be some sort of bug you hit if you don't do the update first. If you did update them first, this is probably going to haunt you forever - or until you migrate to Windows 2008R2+.

Thanks for keeping us updated on the matter.
