You may have Windows Server 2008 R2 machines, perhaps with a Windows Server 2003 forest and a domain functional level still using the File Replication Service (FRS) as the default SYSVOL replication method. If so, you'll need to watch out because if you upgrade to Windows Server 2016 or 2019, you'll have to migrate to Distributed File System Replication (DFSR).

Many networks are still running Windows Server 2003 or 2008 machines as Microsoft Active Directory (AD) domain controllers (DCs). Window Server 2003 systems used FRS for replicating the SYSVOL folder between DCs. Only later did Microsoft change from FRS to DFSR with Windows Server 2008. But many admins just kept using FRS because at that time there was no real pressure to rush and change to DFSR.

With newer releases of Windows Server, such as 2016 or 2019, the possibility for using FRS for replicating SYSVOL between DCs disappeared. In fact, if you try to add a Windows Server 2016 or 2019 system as an additional DC, you'll get an error message saying that specified domain is still using FRS to replicate the SYSVOL share. You can't do that.

I assume you have a mixed environment of legacy Windows Server 2003, 2003R2, and 2008/2008R2 servers, and you want them to migrate to Server 2019 (or 2016).

FRS to DFSR migration checklist ^

Windows Server 2003 or 2003 R2: You must set the domain and forest function level to Windows Server 2008 or later, so if you're still running some legacy Windows Server 2003 or 2003 R2 systems, you should decommission those first.

dcpromo: You should execute the dcpromo command on Windows Server 2003 from a command prompt window with elevated privileges of a domain admin account.

Raise the domain functional level: Run the domain.msc snap-in.

Raise the domain functional level

Raise the domain functional level

Then right-click on Active Directory Domains and Trust and select Raise Forest Functional Level.

Raise the forest functional level

Raise the forest functional level

Move Flexible Single-Master Operations (FSMO) roles to the 2008 Server DC: You might already have done this when adding additional DCs, but make sure this is the case. You should also make sure you've transferred all FSMO roles to one of your Window Server 2008 or 2008 R2 systems; otherwise, you'll receive prompts to do so, and you won't be able to decommission your old 2003 servers.

dfsrmig: One of the first tools you should be familiar with is the dfsrmig command. It calls the dfsrmig.exe utility, and you can find all syntax and parameters on Microsoft's website here.

The dfsrmig command migrates SYSVOL replication from FRS to DFSR. But dfsrmig can also give you an overview of your architecture's overall state before you actually start migrating.

To verify your DCs are using FRS and not DFSR, you can use this command:

Note that you must be logged in as Domain Admin or Enterprise Admin.

You should run another command, which is:

This command verifies that no other admins before you have tried to run the migration. You might be in a situation where you join a company after the previous admins left, and you don't have an idea what they did, so you need to run this to clear any doubts.

If you want to avoid using the command line while discovering your environment, Microsoft released a tool called FRSDiag, and you can download it here. The latest 1.7 release of this tool came out at the end of October 2019.

FRSDiag helps to get snapshot information about the service, do some automated tests, and show an overview of possible errors that may exist in the environment.

Make sure AD replication works: Another tool from Microsoft is the Active Directory Replication Status Tool. You can download it from Microsoft here. After the installation, you can scan your domain for errors. If you see any errors, you can fix them and continue. You should not attempt migration if you have any errors.

Up-to-date systems only: You should make sure you've installed all updates and security fixes—highly recommended.

Make sure replication for all of your DCs is in good shape and in a healthy state. You can open a command prompt as Administrator and run this command:

It gives you a summary of potential errors on your directory configuration for the entire environment.

Another command can tell you whether SYSVOL is advertised among all DCs without any problems:

If you have errors or the sync has not completed for any reason, you should initiate a full sync and wait. You'll force the replication to run immediately instead of waiting for your DC scheduler's next run.

Run this command:

Is the service running: One issue you might have is quite simple to fix. You should check whether you have the DFSR service running. Go to Server Manager > Configuration > Services and check that the DFSR service is started. Check all of your DCs!

If you can, create a system state backup on all of your DCs. You can use third-party software or the built-in Microsoft backup tool.

Final words ^

Make sure you don't see any errors to avoid troubleshooting afterward. You should attempt to migrate without diagnostics only if you're absolutely sure your AD environment is 100% healthy and has no issues.

Read 4sysops without ads by becoming a member!

Your question was not answered? Ask in the forum!

4+

Users who have LIKED this post:

  • avatar
Share
3 Comments
  1. Joe Schmoe 2 weeks ago

    Post appears as empty?

    0

  2. Techie 2 weeks ago

    Hi Experts,

    I'm currently running a mix of 2008R2 & 2016 DC's with FFL & DFL set to Windows 2003 and hence running FRS in my environment. I do not see any replication errors till now. I'm currently in a process of upgrading the rest of 2008R2 DC's to 2016 as well. Is it mandatory that I should migrate to DFRS if keep all of the DC's 2016 and will there be an issue if I did not migrate to DFRS yet?

    Any expert advise is really appreciated..

    Many thanks,

    Techie

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2020

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account