Link to home
Start Free TrialLog in
Avatar of philjans
philjansFlag for Canada

asked on

TWO AD 2003 whose sysvol Policies do not replicated correctly

Hi,
I have 2 AD 2003 and the sysvol policies do not all replicate well.
One thing I have figured out was that I was missing one {CC2C2824-9480-4530-B4B3-45D5F505F450} on one of them but I guess if other policies are missing or incomplete that would explain why some users get a change password every 90 days and some don't!
How can I fix those replication problem.
tx!
Avatar of Adam Brown
Adam Brown
Flag of United States of America image

Check your error logs on each Domain controller for errors. There are a lot of things that can break FRS, which handles replication. http://technet.microsoft.com/en-us/library/bb727056.aspx has a guide on troubleshooting if you are getting errors. http://support.microsoft.com/kb/272279 has some stuff you can try to fix the problem.
check these commands:
repadmin /showrepl
dcdiag /test:replications

check results or if they generate some error logs
ASKER CERTIFIED SOLUTION
Avatar of alicain
alicain

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
sysvol policies do not all replicate well
Replication is one of the basic functions of AD so you should be more concerned about your overall AD health than just the sysvol not replicating.

Do a health check on your AD but running
dcdiag /e /v /f:dcdiag.txt and search the results for failures.

It could just be as simple as a missing DNS record or worse case scenario you could have some AD corruption.

You do have the option to force replication by performing setting the burflags for a non-authoritative  restore. Just make sure that you correctly identify which server has the most up to date information.
http://support.microsoft.com/kb/290762
Avatar of philjans

ASKER

It will take a couple of hours (or days) to go through all your recommendations but I am always fascinated about something, I have been using AD 2003 for more then 10 years and I gee AD is fragile and always have bugs it it and replication problems: we are talking about 10 little files to keep replicated from one folder to another one and that shouldn't be this hard. I will migrate 2003 to the latest one and I hope that since the decade and more AD have been out, they created something less maintenance intensive and more robust.
Thanks for all your inputs, I will proceed them.
Avatar of alicain
alicain

Hi Philhans,

You are probably correct, but I think it is fair to say that the AD Directory (NTDS) replication is very robust and tends to see considerable less issues than NTFRS, which still has its roots back in the early Windows NT days, much of it is now based on very old code.  Patched up-to-date it fails far less than it used to in Windows 2000/2003 with no service packs.  Its replacement with DFS-R in Windows 2008 is, as they say, a paradigm shift.

The other util that I should have mentioned it GPOTool, which you can run against each DC to help you determine which SYSVOL is in the best state as the basis of the recovery.

Regards,
Alastair.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial