Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Windows Server 2012 SYSVOL and Group Policy Replication

We have two Windows Server 2012 Datacenter (non R2) DC's running on VMWare 5.1 ESXi hosts.

The DC's are in the same subnet. They appear to be replicated but I am concerned about the domain status being shown on the Group Policy Management status page. When I click Detect Now from either DC, the other DC is always shows as "replication in progress". At no time do they ever show as "replication in sync". (See picture)
gp.PNG
My troubleshooting:
I've run dcdiag and every test successfully passes except for the DFSREvent which says: There are warning or error events within the last 24 hours...." (See picture)
dcdiag.PNG
The only warning is at 1am each night when our backup system does its thing. (See picture)
warning.PNG
repadmin /syncall works fine
There aren't any red exclamation errors in the event viewer
The NETLOGON and SYSVOL shares are working fine
We don't have any DFS NameSpaces


QUESTION:
Is this something I need to be worried about? It would seem that even if the service is interrupted during backup, I should be able to update it during the day to see the DCs in sync.
0
Paul Wagner
Asked:
Paul Wagner
  • 2
  • 2
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
Have you tried to open DFS Management and run a health report on the DC replication?

Have you checked the sysvol folder on each of your domain controllers to ensure the same data is present on both?

Will.
0
 
Paul WagnerFriend To Robots and RocksAuthor Commented:
Health Report shows no errors or warnings.
SYSVOL\domain folder shows 4 GPO folders but the date on one of them is a few months off.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
DFS-R only replicates changes not the entire folder. What are the timestamps on the policies? Do they match up?

If all tests are coming back clean there shouldn't be too much to worry about. Did you recently do an AD upgrade or was one done in the past?

Sometimes what I have seen is if you do an AD upgrade and you have domain controllers issues not all of the data is replicated during the upgrade or there are orphaned objects on some domain controllers.

Aside from that if all your tests are clean and there are no issues in regards to Policies apply etc I would not worry.

Will.
0
 
Paul WagnerFriend To Robots and RocksAuthor Commented:
Ya, everything matches up. I just wish Group Policy Management said that the DC's were in sync. The tests all seem to pass so I guess we're good. Thanks for setting my mind at ease. :-)
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now