Solved

Mismatched SYSVOL, Group Policy

Posted on 2012-03-31
2
2,697 Views
Last Modified: 2012-04-17
Hi Everyone,

We recently took on a new customer and have discovered that they have certain issues in their environment.  They have 2 AD sites that have 3 DCs in one and 2 DCS in the other.  The 2 DCs SYSVOL contents are out of sync with their neighbours in the other site.  On deeper inspection of their environment, it has also been discovered that their primary DNS zone is set to allow unsecure and secure updates - its a AD primary zone.  They previously upgraded their server estate from Windows 2000 Server.  I was wondering if this could be a key contributing factor any the SYSVOL issue?  They are now going to upgrade their esate to Windows Server 2008 and we are trying weight up if it would be a better idea to start with a clean forest and leave the legacy issues behind, or continue with the current env.  Thanks for your help in advance
0
Comment
Question by:cmatchett
2 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 250 total points
ID: 37791988
SYSVOL should replicated to all DC's.
If it's not the same, then you may be having some replication problems.

A DCDIAG /V should show you any errors in your AD.

Check out these to links which explain how to fix SYSVOL replication
http://www.techtalkz.com/windows-server-2003/446082-contents-sysvol-policies-folder-different-2-dcs.html
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24323148.html

Once you're AD is clean and replicating properly, then I could see why not to migrate your existing domain.

Setting DNS to secure update mode just a matter of change settings on the zone.
Enable scavenging an you'll soon have a clean DNS as well.

The only reason for setting DNS to unsecure update mode is if they have many non-windows devices or many guests/bring-your-own devices on the network. OR the other major reason...they had some DNS problems and some "bright spark" suggested this fix.

Either way, the option to migrate/replace remains yours.
0
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 250 total points
ID: 37795473
Make sure replication between the DC are working fine.

I also would suggest you to run Dcdiag test and check for any error message.

Regarding the sysvol Mismatch you will have to see what event ID is getting generated on Domain controllers.

For Eg - If On one of the DC sysvol is not replicated properly then you can perform non- authorative resotre.

Follow below article which explains how to troublshoot sysvol error messages.

http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

If none of the solution works then Run dcdiag /v and post the results here.

Regards,

_Prashant_
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question