Solved

Mismatched SYSVOL, Group Policy

Posted on 2012-03-31
Last Modified: 2012-04-17
Hi Everyone,

We recently took on a new customer and have discovered that they have certain issues in their environment.  They have 2 AD sites that have 3 DCs in one and 2 DCs in the other.  The 2 DCs' SYSVOL contents are out of sync with their neighbours in the other site.  On deeper inspection of their environment, it has also been discovered that their primary DNS zone is set to allow unsecure and secure updates - it's an AD primary zone.  They previously upgraded their server estate from Windows 2000 Server.  I was wondering if this could be a key contributing factor in the SYSVOL issue?  They are now going to upgrade their estate to Windows Server 2008 and we are trying to weigh up if it would be a better idea to start with a clean forest and leave the legacy issues behind, or continue with the current env.  Thanks for your help in advance.
Question by:cmatchett
2 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 250 total points
ID: 37791988
SYSVOL should be replicated to all DCs.
If it's not the same, then you may be having some replication problems.

A DCDIAG /V should show you any errors in your AD.

Check out these two links, which explain how to fix SYSVOL replication:
http://www.techtalkz.com/windows-server-2003/446082-contents-sysvol-policies-folder-different-2-dcs.html
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24323148.html

Once your AD is clean and replicating properly, then I could see why not to migrate your existing domain.

Setting DNS to secure update mode is just a matter of changing settings on the zone.
Enable scavenging and you'll soon have a clean DNS as well.

The only reason for setting DNS to unsecure update mode is if they have many non-Windows devices or many guests/bring-your-own devices on the network. OR the other major reason... they had some DNS problems and some "bright spark" suggested this fix.

Either way, the option to migrate/replace remains yours.
0
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 250 total points
ID: 37795473
Make sure replication between the DCs is working fine.

I would also suggest you run a Dcdiag test and check for any error messages.

Regarding the SYSVOL mismatch, you will have to see what event ID is getting generated on the domain controllers.

For example, if SYSVOL is not replicated properly on one of the DCs, then you can perform a non-authoritative restore.

Follow the article below, which explains how to troubleshoot SYSVOL error messages.

http://social.technet.microsoft.com/wiki/contents/articles/8548.sysvol-and-netlogon-share-importance-in-active-directory.aspx

If none of the solutions work, then run dcdiag /v and post the results here.

Regards,

_Prashant_
0
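
To see exactly which GPOs differ between the DCs in the two sites before choosing a repair path, the Policies folder on each DC's SYSVOL share can be compared directly. This is an added example, not part of the original thread: the DC names, the domain name `example.local` and the function names are placeholders, and it assumes PowerShell 3.0 or later run from a machine that can read every DC's SYSVOL share.

```powershell
# Added example: report GPOs whose GPT.INI version differs between DCs,
# or whose folder is missing on some DCs. Read-only; changes nothing.
function Get-SysvolGpoVersion {
    param([Parameter(Mandatory)][string[]]$PolicyRoot)   # one Policies folder per DC
    foreach ($root in $PolicyRoot) {
        # GPO folders are named by GUID in braces.
        Get-ChildItem -LiteralPath $root -Directory -Filter '{*}' | ForEach-Object {
            $ini     = Join-Path $_.FullName 'GPT.INI'
            $version = -1                                  # -1 = GPT.INI missing or unreadable
            if (Test-Path -LiteralPath $ini) {
                $m = Select-String -LiteralPath $ini -Pattern '^\s*Version\s*=\s*(\d+)' |
                     Select-Object -First 1
                # The value packs user (high 16 bits) and computer (low 16 bits) versions.
                if ($m) { $version = [long]$m.Matches[0].Groups[1].Value }
            }
            [pscustomobject]@{ Root = $root; Gpo = $_.Name.ToUpper(); Version = $version }
        }
    }
}

function Compare-SysvolGpo {
    param([Parameter(Mandatory)][string[]]$PolicyRoot)
    Get-SysvolGpoVersion -PolicyRoot $PolicyRoot | Group-Object Gpo | ForEach-Object {
        $g         = $_
        $versions  = @($g.Group.Version | Sort-Object -Unique)
        $missingOn = @($PolicyRoot | Where-Object { $g.Group.Root -notcontains $_ })
        # Report only GPOs that are inconsistent across the supplied roots.
        if ($versions.Count -gt 1 -or $missingOn.Count -gt 0) {
            [pscustomobject]@{
                Gpo       = $g.Name
                Versions  = ($g.Group | ForEach-Object { "$($_.Root)=$($_.Version)" }) -join '; '
                MissingOn = $missingOn -join '; '
            }
        }
    }
}

# Placeholder DC names and domain (assumptions); replace with the five real DCs.
$dcs   = 'DC1', 'DC2', 'DC3', 'DC4', 'DC5'
$roots = $dcs | ForEach-Object { "\\$_\SYSVOL\example.local\Policies" }
Compare-SysvolGpo -PolicyRoot $roots | Format-Table -AutoSize -Wrap
```

An empty result means every GPO folder and GPT.INI version matches on all listed DCs; an unreachable share shows up as every GPO being listed under `MissingOn` for that root.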
