Solved

Sysvol\sysvol\domainname folder is empty on Domain Controllers

Posted on 2013-06-02
10
4,587 Views
Last Modified: 2013-06-15
Hi,
We have a strange issue on both domain controllers that we have in our network. The "domainname" folder under SYSVOL\sysvol is empty. We can't find the policies and scripts folders.

-Both DCs are windows 2008 R2 Std - SP1
-Replication works fine between them
-no DNS issues. Both servers are pingeable by IP and by name
-rfs and dfs services are running

We noticed this after one user with local admin privileges faced rights issue when trying to run/install a program. We suspected this could be a restriction caused by a domain policy and we discovered that there were no policies at all on the entire domain.
Please advise.
Thanks -
0
Comment
Question by:Grayhat7
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 20 total points
ID: 39215236
do you have backup of sysvol if yes then restore it from there if not then run dcgpofix as a last option it will create your default domain policy and default domain controllers policy
0
 
LVL 13

Assisted Solution

by:rhinoceros
rhinoceros earned 120 total points
ID: 39215280
1. Have you checked both DC's sysvol folder are also empty?

\\DC1\sysvol and \\DC2\sysvol (replication fails in sysvol?)

2. You have changed something before?


More info:
http://community.spiceworks.com/topic/146562-sysvol-folder-on-domain-controller-is-empty
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 160 total points
ID: 39215816
Have you seen the sysvol for NtFrs_PreExisting folder and %systemroot%\SYSVOL\domain the policies and script may be present.If not presen then see proceed as below.

If the sysvol folder is empty(policies and script),restore the systemstate backup at alternate location and copy the content of sysvol from backup to sysvol folder and then perfrom authorative/non aothorative  restore of sysvol or if you have seperate sysvol folder backup the same can also be used.http://technet.microsoft.com/en-us/library/cc778271(v=ws.10).aspx
 
In case if the sysvol backup does not have polcies and script folder and you dont have seperate sysvol backup then you need to run dcgpofix but the old policies will be lost:http://www.windowsitpro.com/article/group-policy/how-can-i-restore-the-contents-of-the-default-domain-and-default-domain-controller-dc-group-policy-objects-gpos-
 
The Dcgpofix tool does not restore security settings in the Default Domain Controller Policy to their original state:
 http://support.microsoft.com/kb/833783

Hope this helps
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Assisted Solution

by:VirastaR
VirastaR earned 100 total points
ID: 39216055
Hi,

Check this KB
How to rebuild the SYSVOL tree and its content in a domain
http://support.microsoft.com/kb/315457

Hope that helps :)
0
 

Accepted Solution

by:
Grayhat7 earned 0 total points
ID: 39216691
Thank you all,

@sarang_tinguria: no backup for the sys state
@rhinoceros: both folders are empty and nothing was changed before. the content was there and suddenly disappeared
@Sandeshdubey: i think we need to proceed as sarang_tinguira suggested

Also, i have found the following article: http://searchwindowsserver.techtarget.com/tip/How-to-rebuild-the-SYSVOL-tree-when-none-exists-in-Active-Directory

what do you suggest?
Best,
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 160 total points
ID: 39218537
If there is no backup then you need to run dcgpofix as suggested but the old policies will be lost and you need to recreate the GPO as per business requirement.http://windowsitpro.com/group-policy/how-can-i-restore-contents-default-domain-and-default-domain-controller-dc-group-policy

No need to rebuild the syvol structure as only polcies and script folder is missing you need to also manaully creare script folder if not present as dcgpofix will not create the same.

Then restart the FRS and netlogon service and ensure that event id 13516 is logged in FRS.

Hope this helps.
0
 
LVL 13

Assisted Solution

by:rhinoceros
rhinoceros earned 120 total points
ID: 39225078
Have you checked your Windows event log? Any errors for File Replication Services?
0
 

Assisted Solution

by:Grayhat7
Grayhat7 earned 0 total points
ID: 39233124
Thank you Sandeshdubey. No scripts were there, only default domain policy with no settings in it. i will run dcgpofix and let you know.
@rhinoceros: no FRS errors logged so far.

Best,
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 160 total points
ID: 39234148
Even the Script were not there you need to create Script folder.If not created the netlogon share will be not available.You can run dcgpofix as suggest follow the link which is already posted.

Hope this helps
0
 

Author Closing Comment

by:Grayhat7
ID: 39249735
Followed the solution presented in my post along with other solutions presented by the experts
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question