DFSR AUTHORITATIVE RESTORE
11/24/19 - activedirectory,windows,dfsr,kb,storage
Steps should be ran from the Autoritative DC (generally the PDC Emulator role), unless otherwise noted.
You can verify which server has the PDC Emulator role by running from an elevated command prompt:
netdom query fsmo
- Stop the DFSR Replication service in Services.msc (on all DC’s, if more than 1)
- Launch ADSIEDIT.msc
- Navigate to
"CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSRLocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>"
The ADSI path is read backwards - Alter the following attributes:
- msDFSR-Enabled=FALSE
- msDFSR-options=1
- IF THERE ARE OTHER DC’s:
- Launch ADSIEDIT.msc on the other DC’s and navigate to the same path
- Alter the following attribute:
- Start the DFSR Replication service on the authoritative DC
- Verify Event ID 4114 in the DFS Replication Event Log This event ID will indicate that the replicated folder has been disabled
- Return to ADSIEDIT.msc and alter the following attribute:
- Run:
DFSRDIAG POLLAD
- If dfsrdiag comes back unrecognized, open an elevated PowerShell prompt and run:
- Re-run the command
DFSRDIAG POLLAD
- Verify Event ID 4602 in the DFS Replication Event Log
- This will indicate that the replicated folder has been re-initialized, and is now the authority on the replication
- Verify that the SYSVOL share is active with
net share
- IF THERE ARE OTHER DC’s:
- Start the DFS Replication service on the non-authoritative DCs, verify Event ID 4114
- In ADSIEDIT.msc edit the attribute on all the non-authoritative DCs:
- In an elevated command prompt on each of the non-authoritative DCs, run
DFSRDIAG POLLAD
Comments Section
There's nothing here, yet. Feel free to submit your own comment below.