This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 90%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Hello,
I have an old setup with 4 Domain Controllers 3 Windows Server 2003 and one Windows 2008 R2. Last Week we had a Ransomware attack and it corrupted the SYSVOL folder. I have Recent AD back which I restored in my Lab and copied the clean SYSVOL folder to the existing SYSVOL (deleted the Contents in Sysvol).
Reference Server is build and changed the Registry value to D4 and all other ADC I did D2 after restarting the ntrs and netlogon I see
NtFrs_PreExisting___See_EventLog in the SYSVOL, how can I avoid this ?
If you have restored a domain controller from a recent backup then the recommended (and simplest) method is to rebuild the other ones.
--please don't forget to Accept as answer if the reply is helpful--
DSpatrick thanks for the answer I have a dc with exchange 2007 installed on it. Again my question is after restore why I see NtFrs_PreExisting___See_EventLog in the SYSVOL
Definitely not a good scenario to install exchange on a domain controller. You can follow along here.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/rebuild-sysvol-tree-and-content-in-a-domain
--please don't forget to Accept as answer if the reply is helpful--
ur right i have used the same link for restore
I'd try the authoritative restore
https://learn.microsoft.com/en-US/troubleshoot/windows-server/networking/use-burflags-to-reinitialize-frs#authoritative-frs-restore
--please don't forget to Accept as answer if the reply is helpful--