For the second time in a month, all files from Netlogon have disappeared. Only domain admins group has write permissions on sysvol tree.
There is no replication issue in place. If I create a file on a DC, it get replicated to others in minutes.
I have 5 sites and 10 DC's.
The first time the problem raised, the folder SCRIPTS itself was removed. This time only the content got removed.
If I copy all files back from backup, they get replicated again without any issue..
I suspected of human errors. Talked to all domain admins and they said nothing was being done by the time the files were removed.
Sysvol is excluded from antivirus scanning.
Object Acess Auditing had been enabled on sysvol folders for deletion. But I couldn't find anything useless in the security logs since it is so huge and from 500.000 entries maybe on or two has some to do with the problem. I don't have any log parser.
I don't think it's a replication issue, since if there is a conflict, the file would get renamed not deleted.