<img height="1" width="1" src="https://www.facebook.com/tr?id=1529264867168163&amp;ev=PageView &amp;noscript=1">
blog_listing_hero_img.jpg

Updating your Active Directory 2008 Replication from FSR to DFS Replication

If you are running an Active Directory 2008 R2 domain with a Domain Functional Level also set at Windows 2008 R2, you may want to consider updating your FSR replication to DFS replication (DFSR).  Here are some reasons why you should consider upgrading your replication. 

  • Microsoft is no longer doing development for FRS replication.  They have committed to DFSR as the future replication type that we will all be using for Active Directory.
  • If you have any plans to move to Windows 2012, DFSR will be required.
  • DFSR is a more efficient method of replication and conversion will improve backend domain replication.

If your decision is to plan for DFS replication then there are many steps to working toward the completion of the work.  This includes verifying the functional level of your domain, verifying domain controller health, migrating to the prepared state, migrating to the redirected state and then finally moving to the eliminated step.  Following these steps will also ensure that you successfully work through the process and validate your progress between each step.  Downtime is not required to complete this work, but I would highly recommend doing the work off-hours to ensure that you do not introduce any unexpected latencies or issues.  This article will also highlight some of the differences you may see if you have some Windows 2008 R2 Server Core Domain Controllers.

Check the Functional Level of your Domain

In order to move toward DFS replication your current domain will need to be at a Windows 2008 domain functional level which can be checked with the following steps.  You will need Domain Administrator rights to do this.

  1. On a domain controller or through your locally installed Active Directory tools, open the “Active Directory Domains and Trusts” window.
  2. Right-click the name of the domain for which you are migrating the SYSVOL folder, and then click “Raise Domain Functional Level”.
  3. Then “Select an available domain functional level list”, click “Windows Server 2008”, and then click Raise.

Note:  This will only work if ALL of your domain controllers are Windows 2008 or Windows 2008 R2.

Verify your Domain Controller Health

The following steps will help you determine the health of your domain.  If there are issues with any of these items, work with Microsoft to resolve them before moving forward with the update of your replication.

  1. On each domain controller in your domain, login and open a command prompt
  2. Type Net share and press enter to verify that the SYSVOL is properly shared for FRS replication.  Your results should be similar to the output below.

Verify the SYSVOL

Note:  If your environment is having issues with FRS Replication there is a Microsoft Tool called Ultrasound that you can install to assist with analyzing Active Directory Replication (http://go.microsoft.com/fwlink/?LinkID=121859).  Microsoft support can also assist if your environment is having replication issues.

  1. Verify that there is enough disk space available to make a copy of your production SYSVOL by looking at the size of your SYSVOL and then checking how much free space is available on your hard drive.  See SYSVOL location in step 2 above.
  2. On a domain controller in the domain that you want to migrate, open a command prompt window and type repadmin /ReplSum to verify that Active Directory replication is working properly. The output should indicate no errors for all of the domain controllers in the domain as shown below.

Verify Active Directory is working properly

  1. On each domain controller go to your registry through either Start, Run and typing regedit or on Server Core you can type regedit at your command prompt and press enter.  Browse to  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters and verify that the value of the SYSVOL registry entry is set to the following path c:\Windows\SYSVOL\SYSVOL, and that the value of the SYSVOLReady registry entry is 1.
  2. Go to Server Manager, Configuration, Services and check that the DRS Replication service is started on all domain controllers
  3. Verify that you have a good system state backup through your third party or Microsoft backup program
Migrate to Prepared State

If the health of your domain is good based upon the checklist above then you are ready to start your migration.  The first step to migrating to DFSR replication is to set the global state to 1 which creates your new SYSVOL_dfsr directories.  The following steps will guide you through this process.

  1. At a command prompt type dfsrmig /setglobalstate 1 and press enter
  2. Type dfsrmig /getglobalstate and press enter to validate that the process has started

Verify the process has started

  1. Then type dfsrmig /getmigrationstate and press enter to verify that the process is completed

Verify Active Directory is working properly

Note:  It may take a little bit of time for the migration state to be properly set.  You will get the following warning until the process is complete.

Verify Active Directory is working properly

Validate that you are in Prepared State
  1. Type Net share and press enter at a command prompt on each domain controller to ensure that the folder is still mapped to SYSVOL.

Verify Active Directory is working properly

  1. Manually check your system for the following folder on each domain controller.  C:\Windows\SYSVOL_DFSR folder should have been created on each domain controller

Note:  In Windows 2008 Server Core this will be located in a slightly different location C:\Windows\SYSVOL for FRS and C:\SYSVOL_DFSR for the new directory that will be used for DFSR.

  1. Verify that the contents of the c:\Windows\SYSVOL folder are successfully copied to the newly created C:\Windows\SYSVOL_DFSR folder.  This process can take 15 or morning minutes depending on the size of the SYSVOL.

Note:  Once in the Prepared State; if for some reason you would like to revert back to pre-migration, at a command prompt type dfsrmig /setglobalstate 0 and press enter.

Migrate to Redirected State

The next step is to set your domain to redirected state which switches your environment to DFSR replication, but within the old SYSVOL file structure. 

  1. At a command prompt type dfsrmig /setglobalstate 2 and press enter.

Verify Active Directory is working properly

  1. Type dfsrmig /getglobalstate and press enter to verify the state of your environment.

Verify Active Directory is working properly

  1. Type dfsrmig /getmigrationstate and press enter to verify that your environment has been migrated to the Redirected state.

Verify Active Directory is working properly

  1. Type net share on each domain controller to verify the following.

Verify Active Directory is working properly

Note:  If for some reason you would like to go back to the Prepared State this can be done by typing dfsrmig /setglobalstate 1 at a command prompt.

Migrate to the Eliminated State

Once your domain is set to the Eliminated state, this cannot be rolled back.  During this state your domain will be converted to DFSR replication in the new SYSVOL_DFSR directories and FRS replication services will be stopped and disabled.

  1. Type repadmin /ReplSum at a command prompt and press enter.

Verify Active Directory is working properly

Note:  Verify that there are not any errors

  1. Make sure that you have a complete system state backup
  2. Validate that you do not have the c:\windows\SYSVOL or c:\SYSVOL folders open from any location prior to running the next step.  If the folders are open in the command line or GUI the process may not properly complete.
  3. Type dfsrmig /setglobalstate 3 and press enter.

Verify Active Directory is working properly

  1. Type dfsrmig /getmigrationstate and press enter.  While the process is completing you may see a notice similar to shown below until it is complete.

Verify Active Directory is working properly

  1. Once complete you will see the following results.

Verify Active Directory is working properly

  1. Type Net share and press enter on each domain controller to verify that your SYSVOL is directed to the new location.

Verify Active Directory is working properly

  1. Type repadmin /ReplSum and press enter.  Verify that there are not any replication errors while functioning under the new replication format.

Verify Active Directory is working properly

  1. On each domain controller in the domain, verify that C:\Windows\SYSVOL folder was removed.

Note:  In Windows 2008 Server Core this will be located in a slightly different location C:\windowsSYSVOL for existing c:\SYSVOL_DFSR for the new directory

  1. Verify that the File Replication Service is stopped and disabled on each domain controller in the domain.

Verify Active Directory is working properly

Final Thoughts

Plan for a few hours to work through all of these steps, and make sure you take the time to do ALL the system checks before getting started and in between each step.  This will ensure the success of the replication conversion for your organizations domain.

If there any issues encountered at any step in the process then it will be important to open a support case with Microsoft.  From personal experience I can say that if your domain health is good that this process will be seamless. 

For more information on this topic please see the following article:  http://technet.microsoft.com/en-us/library/dd640019(v=ws.10).aspx

Get proactive with Exchange Management – Trial the Mailscape Monitoring & Reporting Dashboard.