Solved

NTFRS Replication Problems

Posted on 2011-09-22
3
1,511 Views
Last Modified: 2012-05-12
Hi Experts,

Our AD Domain has 6 sites and 12 DC's. For a long time nobody took a really good care over AD replication. Right now every DC has a different sysvol content from each other. And there are many "something_ntfrs_someid" folder, like this:

{CCA243A2-99E7-4FA1-9969-604CB73AF23B}_NTFRS_381bc33a

Yesterday I set burflags D4 in one of these DC and set the other with D2. NTFRS service restarted on all of them. Sysvol content were moved to NTFRS_PreExisting folder as expected. Before doing this procedure, I created a backup of entire sysvol folder on every Domain Controller.

After starting NTFRS service, replication begins. But some files are not being replicated and there are many folders being renamed as the example I put above as there were replication errors. Sysvol content
You can see the folders OLD and POLICIES_NTFRS_000cc1ee under c:\windows\sysvol\sysvol\mydomain

I did manually deleted it all before setting D4 and D4 keys. How they came back again?

We are also have many folders under Scripts folder getting renamed because of replication collision as image below. How do I correct it?

How do I know from which DC a specific DC is getting its data to populate Sysvol content? Netlogon content
Can I just clear all sysvol content, then set D4 and D2 burflgs registry keys and then move back to sysvol folder only the files and folders needed?
0
Comment
Question by:garconer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 36581741
You shouldn't need a D4, what you are seeing there is known as morphed folders, few solutions, more on morphed folders here

http://technet.microsoft.com/en-us/library/bb727056.aspx#ECAA

some places also refer to this as name collisions in sysvol.

Thanks

Mike
0
 

Author Comment

by:garconer
ID: 36581807
Hi Mike,

Tks for the reply. Actually I've already done the instructions in the link you've sent. Folders keep being renamed and many folders and files are not being replicated among dcs. Each dc has dfrs links in place and eventvwr shows event 13568 followed by 13569 which is expected but unfortunately things are not working well. Do you know a tool that shows me from which dc some replicated folder came from?
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 36584635
1) Normally for an Authoritative Restore you stop at NTFRS services on all DCs.
2) Set burflags to D4 on a known good sysvol (or at this time restore sysvol data from backup then set burflags to D4) then start NTFRS on this server.  You may want to rename the old folders with .old extensions prior to restoring good data.
3) Clean up the folders on all the remaining servers (Policies, Scripts, etc) - renamed them with .old extensions.
4) Set burflags to D2 on all remaining servers and start NTFRS.
5) Wait for FRS to replicate.
6) Clean up the .old stuff if things look good.
This is probably what you need to do to get it back.http://support.microsoft.com/kb/290762

Note:Take the backup of sysvol folder before you proceed.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question