Learn How to Use DFS Replication in Active Directory
The SYSVOL folder contains logon scripts, group policy templates, and other resources which are critical to the health and management of an Active Directory domain. Every domain controller should have the same contents in its SYSVOL folder; however, as these resources are modified and replicated to other SYSVOL folders throughout the domain, errors can occur. In previous versions of Windows Server, the File Replication Service (FRS) was used to replicate the contents of the SYSVOL folder, but troubleshooting and configuring FRS is quite difficult. To overcome some of the limitations of FRS, domains with a functional level of Windows Server 2008 can use the Distributed File System (DFS) Replication engine to replicate the contents of the SYSVOL folder.
Using DFS replication instead of FRS replication offers the following benefits:
- Faster replication and decreased network traffic through the use of differential replication with Remote Differential Compression (RDC). With RDC, only the changed blocks are replicated when a file is changed, not the entire file.
- Flexible scheduling and bandwidth throttling to limit the quantity of data transmitted and/or accepted within a specified period of time.
- Automatic self-healing for many database errors.
- Improved support for read-only domain controllers.
- Built-in health monitoring tools.
When you install a new forest with the Windows Server 2008 or Windows Server 2008 R2 domain functional level, DFS Replication is used automatically. For domains using other domain functional levels, you can migrate from FRS replication to DFS replication as follows:
- Upgrade all domain controllers to Windows Server 2008 or Windows Server 2008 R2.
- Change the domain functional level to Windows Server 2008 or Windows Server 2008 R2.
- Verify the current state of replication by running repadmin /ReplSum. Correct any problems that are noted.
- Run the dfsrmig command to start and control the migration. The following states indicate stable stages in the migration process:
| State | Description |
|---|---|
| Not initiated | If SYSVOL migration has not been started, the state will be Not initiated. Only FRS is used to replicate the SYSVOL contents. |
| Start | Run the dfsrmig /SetGlobalState 0 command to start DFS migration. Running this command contacts the domain controller with the PDC master and sets a migration directive in Active Directory. This directive is replicated to all other domain controllers through normal Active Directory replication. At this stage, DFS replication has not yet started, and only FRS replication is still being used. |
| Prepared | Run the dfsrmig /SetGlobalState 1 command to instruct domain controllers to begin DFS replication. During this stage, a copy of SYSVOL is created in a folder called SYSVOL_DFSR and is added to a DFS replication set. DFS Replication begins to replicate the contents of the SYSVOL_DFSR folders on all domain controllers. However, FRS continues to replicate the original SYSVOL folders. FRS replication is still the main replication method. |
| Redirected | Run the dfsrmig /SetGlobalState 2 command to shift the main responsibility for SYSVOL replication to DFS. The SYSVOL share is changed to refer to SYSVOL_DFSR\sysvol. Clients now use the SYSVOL_DFSR folder to obtain logon scripts and Group Policy templates. FRS continues to operate, but the DFS-replicated folder is used as the master SYSVOL folder. |
| Eliminated | Run the dfsrmig /SetGlobalState 3 command to stop FRS replication and rely only on DFS replication. |
Be aware of the following when managing migration:
- The states listed above are stable migration states. Additional intermediary states exist during the transition from one stage to another.
- By using a staged migration approach, you can start the migration to DFS Replication, and proceed to the next step after you have verified that everything is working correctly.
- Run dfsrmig /GetGlobalState to view the current DFS Replication migration setting on the PDC. This command indicates the current setting, but might not reflect the current state of each domain controller. Domain controllers may not be synchronized with each other due to the time it takes to notify the domain controller of the new migration state and the time for the domain controllers to make the changes required by the state.
- Run dfsrmig /GetMigrationState to view the current migration state of each domain controller in the domain.
- During the Start, Prepared, and Redirected stages, you can roll back (undo) the migration.
- After the system reaches the Eliminated stage, you cannot revert to FRS replication. For this reason, do not initiate transition to the Eliminated stage unless you are confident that DFS Replication is working correctly.
- To roll back the migration, use the dfsrmig /SetGlobalState command with the desired rollback level (0 or 1). The migration changes are undone back to the indicated stage.
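The staged approach described above can be scripted so that each state change is gated on replication health and on every domain controller converging. The following is an added example, not code from the original page; the parameter names are hypothetical, and the output strings it matches from dfsrmig /GetMigrationState are an assumption about the tool's English-language messages.

```powershell
# Added example (not from the original page): advance SYSVOL migration to one
# stable state and wait until every domain controller has converged on it.
# Run elevated on a domain controller. Parameter names are hypothetical.
param(
    [Parameter(Mandatory)][ValidateRange(0, 3)][int]$TargetState,
    [switch]$AllowEliminated,      # must be given explicitly for state 3
    [int]$PollSeconds = 300,       # wait between convergence checks
    [int]$MaxPolls    = 48         # give up after this many checks
)

$names = 'Start', 'Prepared', 'Redirected', 'Eliminated'

# State 3 cannot be rolled back, so require a deliberate opt-in.
if ($TargetState -eq 3 -and -not $AllowEliminated) {
    throw 'Eliminated cannot be rolled back; re-run with -AllowEliminated.'
}

# Show AD replication health first; the operator corrects any errors before going on.
repadmin /ReplSum
if ((Read-Host 'Is replication healthy? Type YES to continue') -cne 'YES') {
    throw 'Stopped before changing the migration state.'
}

# Record the directive currently set on the PDC, then set the new one.
# Assumption: dfsrmig signals failure with a non-zero exit code.
dfsrmig /GetGlobalState
dfsrmig /SetGlobalState $TargetState
if ($LASTEXITCODE -ne 0) { throw "dfsrmig /SetGlobalState exited with $LASTEXITCODE" }

# Poll per-DC state. Assumption: the tool prints "reached a consistent state"
# when all DCs match the global state and "not yet reached" while any DC lags;
# adjust both patterns if your output differs.
for ($i = 1; $i -le $MaxPolls; $i++) {
    $report = (dfsrmig /GetMigrationState | Out-String)
    if ($report -match 'reached a consistent state' -and
        $report -notmatch 'not yet reached') {
        Write-Host "All domain controllers are at '$($names[$TargetState])'."
        return
    }
    Write-Host "Check $i of ${MaxPolls}: domain controllers still converging."
    Write-Host $report
    Start-Sleep -Seconds $PollSeconds
}
throw "Not converged on '$($names[$TargetState])' after $MaxPolls checks; investigate before proceeding."
```

Run it once per stage (0, then 1, then 2) and move to the next stage only after the previous run reports convergence.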