This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 87%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi
I have not been able to find someone with this exact issue however I have three Windows Server 2019 Evaluation Editions running for testing and educational purposes. I created this active directory on Windows Server 2019 and I had group policies set to auto config for Windows Hello For Business. I am looking at the local group policy folder on my PC which is joined to the AD and it has not synced my AD polices.
I have each servers DNS pointing at each other and 127.0.0.1 as the third DNS option in each server.
I go to run the command "dfrs /setglobalstate 1" and it will return with
Unable to create DFSR Migration log file.
Unable to create DFSR Migration log file. Error 5 Current DFSR global state: 'Eliminated' New DFSR global state: 'Prepared'
Invalid state change requested.
I think this is because Windows Server 2019 does not need to migrate but every guide that I have read uses this to sync between their servers or maybe I am reading false sources.
Any help is appreciated,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
If the first DCs in your environment was 2019 server, the FRS won't be used .
In your situation , i would check the gpresult firstly with the command :gpresult /h report.html.
If possible , you can show a screenshot of that.
And i would also recommend you check if the replication is working in the domain with command :
Dcdiag /v >c:\dcdiag1.log
Repadmin /showrepl >C:\repl.txt
Best Regards,
That's correct. Server 2019 OOB uses DFSR, Server 2016 is the last operating system where FRS was an option (from directory upgrade) for active directory replication technology. Server 2003 was the last operating system to use FRS OOB when creating a new domain.
--please don't forget to Accept as answer if the reply is helpful--
So I got that part set in stone now but that doesn't explain why my group-polices are syncing between the server(s) and clients
Might check the event logs for clues, other things to try are a non-authoritative synchronization, or try demote, reboot, promo again.
https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative-synchronization-fo
--please don't forget to Accept as answer if the reply is helpful--
I'd check the DFS Replication service is running on all members and that ports required are flowing between sites.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts
https://www.microsoft.com/en-us/download/details.aspx?id=24009
--please don't forget to Accept as answer if the reply is helpful--
Hi,
Since there are 1726 error and 1722 error, i would also suggest you check if DFS Replication service is running on all members and the firewall configuration .
Following link for your reference:
Active Directory replication error 1722: The RPC server is unavailable
https://social.technet.microsoft.com/Forums/WINDOWS/en-US/d27bd902-034e-4230-9516-0ede42308193/event-5014-dfsr-error1726?forum=winserverfiles
I would delete the logs due to security reason.
Best Regards,