Server Migration with Missing Sysvol

So here's the scene. I was brought in in the middle of a server migration because the other sys admin left. DC1 is a Server 2008 box being migrated to DC2 which is a Server 2012R2 VM. The server roles (AD DS, DNS, File and Storage Services) were already installed on DC2 and the domain level FSMO roles was already migrated to DC2. As I came in, I installed Windows Server Backup on both machine and took a backup of each that were saved to a NAS. I proceed to migrate the remaining 2 FSMO roles, and swap IPs so anything mapped by IP instead of DNS doesn't break. I was going to remove DC1 as a global catalog, remove the roles, and decommission it, but I wanted to hold off for a little bit. Everything was working fine until I powered down DC1 and rebooted DC2. DC2 could not open Active Directory. Rebooted DC2, same thing. Rebooted DC2 and powered DC1 back on. Everything working again. i checked DC2 and I see no SYSVOL folder. Come to find out both servers are running NTFRS instead of DFS-R. I thought maybe migrating from FRS to DFS-R would help, so I perform the migration. What's interesting is as I go from state 0 to 1, 1 to 2, and 2 to 3 on DC1, the same thing happens automatically on DC2 as I'm checking both servers to see what state they are in. Finished DFS-R migration, but still no SYSVOL folder on DC2. What's worse is now there's no SYSVOL folder on DC1 either. There is a SYSVOL_DFSR but it seems empty. I did make a copy of the SYSVOL folder before the migration, so I have that. When I go to Event Viewer on DC2, I go to Custom Views>Server Roles>Active Directory Domain Services and I get a pop-up error saying File Replication Service Access is denied. Help! I'm afraid to turn the old server off. I was going to try a non-authoritative restore, but I'm not sure if I can do that since the SYSVOL folder on DC1 is now gone.
Joby JacobSysAdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Peter HutchisonSenior Network Systems SpecialistCommented:
I would revert to doing a  restore, but just a  file system restore of the C:\Windows\SYSVOL folder.
You can boot the DC into DSRM mode to do a restore, it doesn't matter what state its in.
DrDave242Senior Support EngineerCommented:
Run net share on both DCs. Is there a SYSVOL share on either one? If so, it will likely map to the SYSVOL_DFSR folder. If it does, that's normal after the migration; the actual folder path doesn't matter.

Assuming you have a SYSVOL share on both DCs, use File Explorer to browse through the share's local path on each one to see what's contained there. If it really is empty, try simply copying the contents of SYSVOL (from that copy you made beforehand) into the new folder. Give it a few minutes, then check to see if it replicated to the other DC. Please post your results here.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Joby JacobSysAdminAuthor Commented:
Both DC1 and DC2 have a SYSVOL share that was mapped to C:\Windows\SYSVOL_DFSR\sysvol. They both were indeed empty. I got the copy of the SYSVOL folder from earlier and copied the entire contents (staging, staging areas, sysvol, and domain folders) to the SYSVOL_DFSR folder. Waited less than 5 minutes and the folders had replicated. Shutdown DC1 and rebooted DC2. DC2 is now able to access Active Directory without problems. Events viewer still gives me a pop up that says File Replication Service  Access is denied, but I'm thrilled DC2 is able to function without DC1. Thank you very much!
CEOs need to know what they should worry about

Nearly every week during the past few years has featured a headline about the latest data breach, malware attack, ransomware demand, or unrecoverable corporate data loss. Those stories are frequently followed by news that the CEOs at those companies were forced to resign.

Joby JacobSysAdminAuthor Commented:
Thank God for backups. Copying the contents from the SYSVOL backup to the SYSVOL_DFSR folder pushed replication and resolved the AD issue!
DrDave242Senior Support EngineerCommented:
Excellent! I wouldn't worry about that FRS error in the event log. FRS isn't being used for anything now, so that error doesn't really mean anything.
Peter HutchisonSenior Network Systems SpecialistCommented:
Open GPMC console and check for any Policy errors. IF the Default Domain Policy or Default Domain Controller Poluicy is missing you can restore the default using the DcGpoFix.exe command.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.