DFSR Replication Errors

I have recently been doing some work on my network. I have a physical domain controller and a virtual domain controller, both running Windows Server 2012. I wanted to upgrade them both to R2 but ran into a small issue when I was forest-prepping the domain. After some time figuring it out, it turned out that there was an issue with DFSR and it was not allowing the second domain controller to get the SYSVOL or NETLOGON shares (which of course is bad).

So after many hours of googling I came across a few things that I tried and failed, but then suddenly I found a Microsoft guide (http://support.microsoft.com/kb/2218556) that helped me out 🙂

I am going to go through the guide here with extra help so you can get it done quickly 🙂 (Here is what I did)

1. Open up ADSIEDIT.MSC and head to

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>

Set the values below

msDFSR-Enabled=FALSE
msDFSR-options=1

2. Modify the following DN and single attribute on all other domain controllers in that domain (in my case this was just one other, DC2):

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<each other server name>,OU=Domain Controllers,DC=<domain>

Set the values below

msDFSR-Enabled=FALSE

3. Force Active Directory replication throughout the domain and validate its success on all DCs.

To do this, load up Active Directory Sites and Services, go to the site that the domain controllers are in, and then go to NTDS Settings. Right-click the connection and click “Replicate Now”. Also go to the other domain controller (in my case DC2) and click “Replicate configuration to the selected DC”.

I then waited a minute and then went to \\DC2 and I saw all of the shares that needed to be there 😀

4. I then restarted the DFS Replication service

5. I then went back to the DC1 config and set

msDFSR-Enabled=TRUE

6. I then repeated step 3

7. Run the following command from an elevated command prompt on the same server that you set as authoritative (in my case DC1):

DFSRDIAG POLLAD

8. Modify the following DN and single attribute on all other domain controllers in that domain (in my case DC2):

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<each other server name>,OU=Domain Controllers,DC=<domain>

msDFSR-Enabled=TRUE

9. Run the following command from an elevated command prompt on all non-authoritative DCs (i.e. all but the formerly authoritative one):

DFSRDIAG POLLAD
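
A read-only check to run between the steps above, added here as an example (it is not from the original post or the Microsoft guide). It reads msDFSR-Enabled and msDFSR-options for every DC's SYSVOL Subscription object from each DC in turn, so you can see whether a change has replicated yet, and tests for the SYSVOL and NETLOGON shares. It assumes the ActiveDirectory PowerShell module is installed; the function name Get-SysvolDfsrState is made up for this example.

```powershell
# Added example: read-only report, changes nothing in the directory.
# Assumes the ActiveDirectory module (RSAT) and rights to read DC computer objects.
Import-Module ActiveDirectory

function Get-SysvolDfsrState {
    [CmdletBinding()]
    param()

    $dcs = Get-ADDomainController -Filter *

    foreach ($source in $dcs) {          # the DC whose copy of the directory we read
        foreach ($dc in $dcs) {          # the DC whose subscription object we inspect
            # Same DN as in the steps above, built from the DC's computer object.
            $dn = 'CN=SYSVOL Subscription,CN=Domain System Volume,' +
                  'CN=DFSR-LocalSettings,' + $dc.ComputerObjectDN
            try {
                $sub = Get-ADObject -Identity $dn -Server $source.HostName `
                    -Properties 'msDFSR-Enabled', 'msDFSR-Options' -ErrorAction Stop
                $enabled = $sub.'msDFSR-Enabled'
                $options = $sub.'msDFSR-Options'
            }
            catch {
                # Object missing or source DC unreachable: report it, keep going.
                $enabled = "ERROR: $($_.Exception.Message)"
                $options = $null
            }

            [pscustomobject]@{
                ReadFrom      = $source.HostName
                DC            = $dc.HostName
                Enabled       = $enabled
                Options       = $options
                SysvolShare   = Test-Path "\\$($dc.HostName)\SYSVOL"
                NetlogonShare = Test-Path "\\$($dc.HostName)\NETLOGON"
            }
        }
    }
}

# Rows for the same DC should agree across every ReadFrom value once
# Active Directory replication (step 3) has completed.
Get-SysvolDfsrState | Sort-Object DC, ReadFrom | Format-Table -AutoSize
```

If the rows for one DC differ depending on ReadFrom, the attribute change has not replicated everywhere yet, and running DFSRDIAG POLLAD at that point will pick up stale values on the lagging DC.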
