Symptoms
SYSVOL empty but share existant. NETLOGON share non-existant GPO’s console list all old GPO, but can’t display any detail on all GPO.
Scenario
First DC (DC#1) in Windows 2003
Second DC (DC#2) in Windows 2008R2
Each are Global Catalogue.
DC#1 is old, no longer in the backup schedule. DC#2 got all FSMO’s role and is the primary DC.
Problem;
The datastore die. We restore the the system-state from DC#2, and we find ourselft faced with the FAQ that the SYSVOL is empty.
From the tape we found that the SYSVOL was not replicating, so it seem an issue that the SYSVOL does not replicating when you have a 2003 and you DCPROMO an 2008’s DC.
How to
First step done is that;
To complete an authoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so: 1.Click Start, and then click Run. 2.In the Open box, type cmd and then press ENTER. 3.In the Command box, type net stop ntfrs. 4.Click Start, and then click Run. 5.In the Open box, type regedit and then press ENTER. 6.Locate the following subkey in the registry: HKEY_LOCAL_MACHINESystemCurrentControlSetServicesNtFrsParametersBackup/RestoreProcess at Startup 7.In the right pane, double click BurFlags. 8.In the Edit DWORD Value dialog box, type D4 and then click OK. 9.Quit Registry Editor, and then switch to the Command box. 10.In the Command box, type net start ntfrs. 11.Quit the Command box. When the FRS service is restarted, the following actions occur:•The value for the BurFlags registry key is set back to 0. •An event 13566 is logged to signal that an authoritative restore is started. •Files in the reinitialized FRS replicated directories remain unchanged and become authoritative on direct replication. Additionally, the files become indirect replication partners through transitive replication.•The FRS database is rebuilt based on current file inventory. •When the process is complete, an event 13516 is logged to signal that FRS is operational. If the event is not logged, there is a problem with the FRS configuration.
After that test, the folder was still empty.
So the final test was simple.
I created the scripts folder in the c:windowsSYSVOLSYSVOLdomain.nameSCRIPTS and shared it to NETLOGON and runned : DCGPOFIX
That reset/recreate the default domain policy, and after you just need to erase all old GPO that are still empty in your console.
Thanks everyone !
nb; Article published in the TNWiki there too : http://social.technet.microsoft.com/wiki/contents/articles/17478.directory-service-netlogon-missing-after-a-restore.aspx
Phil’s Blog | IT to the core ! 