Active Directory Forest Recovery – Perform an authoritative synchronization of DFSR-replicated SYSVOL
There are different ways to perform an authoritative restore of SYSVOL. You can either edit the msDFSR-Options attribute or perform a system state restore using wbadmin –authsysvol. If you have the option to restore a system state backup (that is, you’re restoring AD DS to the same hardware and operating system instance) then using wbadmin –authsysvol is simpler. But if you need to perform a bare metal restore, then you need to edit the msDFSR-Options attribute.
Use the following steps to perform an authoritative synchronization of SYSVOL (if it’s replicated using DFSR) by editing the msDFSR-Options attribute. Note it can also be done using PowerShell.
To perform an authoritative synchronization of DFSR-replicated SYSVOL using Active Directory Users and Computers
1)Open Active Directory Users and Computers.
2)Select View, and then select Users, Contacts, Groups, and Computers as containers and Advanced Features.
3)In the tree-view, select Domain Controllers, the name of the DC you restored, DFSR-LocalSettings, and then Domain System Volume.
4)In the Details pane, right-click SYSVOL Subscription, select Properties, and select Attribute Editor.
5)Select msDFSR-Options, select Edit, type 1, and select OK.
6)Select OK to close the Attribute Editor.
Verify if the authoritative restore is successful using PowerShell
1)After the previous operation, restart the DFSR service:
|
1 |
Restart-Service DFSR -PassThru |
2)Verify the presence if Event ID 4602
|
1 |
Get-WinEvent -LogName 'DFS Replication' | Where-Object ID -EQ 4602 | Format-Table -AutoSize -Wrap |
