Hello Everybody,

I'm new to technet so I hope I posted on the right category.

I've been trying to understand the logic behind the replication of the sysvol folder on DCs. Do I need to install the DFS role on the DCs to have the sysvol share of all DCs replicated and synced?

I attended a course of Active Directory last week and I had some disagreement with the instructor about this argument.

Let's suppose I install a brand new Domain Controller on a new forest and domain and this DC is the root DC and FSMO master. Now, if I added a new domain controller this DC too has its sysvol folder.

Now I've learned that on the sysvol folder are stored the GPT files of the GPOs. My instructor says: "If you create a new GPO on the primary domain controller and you don't enable the DFS replication by installing the DFS role on the DCs, until the primary DC is working and up everything's fine, but if for any reason the primary DC on which the policy has been created and GPT has been stored is unreachable, the clients will be no longer able to refresh the policy". He also say that the fact that clients are able to apply group policy when the primary DC is up and running even from a different domain controller is thanks to the DFS, when you log on to the sysvol folder \\domain.name\SYSVOL\domain.name, the last "domain.name" as it is a pointer is managed by DFS that make sure that clients are able to reach resources they need no matter where they are.

So my question is, is SYSVOL Share on system > WS2008  automatically replicated and synced by windows or I really need to install the DFS role on the DC to have this done?

Unfortunately I didn't find nothing on the Internet this.

Thank you so much

Stefano

So my question is, is SYSVOL Share on system > WS2008  automatically replicated and synced by windows or I really need to install the DFS role on the DC to have this done?

In Windows 2008 DFS Replication is the default file replication service for domains that are initially created on domain controllers running Windows Server 2008. However, in a domain that is upgraded from another operating system to Windows Server 2008, FRS is the default replication service for SYSVOL replication.

No need to install the DFS role on the DC for SYSVOL share.

• Marked as answer by Stefano Lombardo 12 hours 21 minutes ago

So you're saying that DFSR automatically replicates SYSVOL shares on all domain controllers of a domain without installing the role. I assume then that I will have exactly the same GPT files on every domain controller in my domain. Won't I?

Do you know if there's a KB or technet that explains this?

thank you again

• Marked as answer by Stefano Lombardo 12 hours 21 minutes ago
• Unmarked as answer by Stefano Lombardo 12 hours 21 minutes ago

Hi, There should be a Sysvol folder on every DC. When a user logs on to a computer that's a member of a domain, their Group Policy settings, profiles and scripts are downloaded locally from a DC's Sysvol folder. It makes sense that all DCs need to have the exact same Sysvol content. If something changes on one DC (usually the PDC Emulator), you need to copy, or "replicate," those changes to all other DCs. DFS replication enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication. More you can read on http://blogs.technet.com/b/filecab/archive/2007/12/26/what-s-new-in-windows-server-2008.aspx https://technet.microsoft.com/en-us/library/cc794837(v=ws.10).aspx

• Marked as answer by Stefano Lombardo 12 hours 21 minutes ago

You no need to install the DFS for replicating the Sysvol contains.

1) Newly created forest/Domain with FFL/DFL Windows 2008 ; by default having DFSR enabled.

2) If You are migrated from windows FFL/DFL 2003  to windows FFL/DFL 2008/ 2008 R2/2012/2012 R2. You have to migrate from FRS to DFSR.

Can I have the below two outputs ?

# Applicable for Win 2008 & above versions DC
dfsrmig /GetMigrationState
dfsrmig /Getglobalstate

 

Biswajit,

thank you so much for your reply. Unfortunately I was working on a test environment that has been now deleted I cannot then provide you with the output of the 2 commands.

I've also tried to ask to a Microsoft support engineer that helped me some month ago with another case and these are the answers:

*********************

Hello Stefano, Hope you are doing well. Once you install the role of Active directory on any machine and if Sysvol is replicating using DFSR then we do not need to install the role of DFS. However the DFSR service runs in the background on the domain controllers. So installing the DFS role is not a requirement. quote***I want to add a secondary domain controller (windows server 2012 R2), do I need to do something to activate the replication of the sysvol shares or it is automatic?*** It is automatic and no user intervention is needed. We do not need to install the DFSR role for replicating Sysvol data. If we need to configure another replication group for replicating data then we need to install the DFSR role. quote***Also, I know that I shouldn't but let's say that I modify a file inside the sysvol folder of the secondary domain controller, are the files synced from the secondary DC sysvol share to the primary DC sysvol share or not?*** Yes it will replicate to Primary DC.

Thank you everybody for your help

hi,

You wel come. And thanks to you for reverting back on forum.