Introduction to Administering SYSVOL
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The Windows Server 2003 System Volume (SYSVOL) is a collection of folders and reparse points in the file systems that exist on each domain controller in a domain. SYSVOL provides a standard location to store important elements of Group Policy objects (GPOs) and scripts so that the File Replication service (FRS) can distribute them to other domain controllers within that domain.
Only the Group Policy template (GPT) is replicated by SYSVOL. The Group Policy container (GPC) is replicated through Active Directory replication. To be effective, both parts must be available on a domain controller.
FRS monitors SYSVOL and, if a change occurs to any file stored on SYSVOL, then FRS automatically replicates the changed file to the SYSVOL folders on the other domain controllers in the domain.
The day-to-day operation of SYSVOL is an automated process that does not require any human intervention other than watching for alerts from the monitoring system. Occasionally, you might perform some system maintenance as you change your network.
This objective describes the basic tasks required for managing SYSVOL in order to maintain capacity and performance of SYSVOL, for hardware maintenance, or for data organization.
Key considerations for administering SYSVOL
To manage SYSVOL, ensure that FRS properly replicates the SYSVOL data and that enough space is provided to store SYSVOL. Implement a monitoring system to detect low disk space and potential FRS disruptions so that you can address those issues before the system stops replicating. You can use the Ultrasound utility to monitor FRS. To download Ultrasound, see Ultrasound - Monitoring and Troubleshooting Tool for File Replication Service (FRS) on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=23439).
Other key considerations for managing SYSVOL are:
Depending upon the configuration of your domain, SYSVOL can require a significant amount of disk space to function properly. During the initial deployment, SYSVOL might be allocated adequate disk space to function. However, as your Active Directory grows in size and complexity, the required capacity can exceed the available disk space.
If you receive indications that disk space is low, determine if the cause is due to inadequate physical space on the disk or a registry setting that limits the size of the staging area. By modifying a setting in the registry, you can allocate more staging area space, rather than relocating SYSVOL or the staging area. Increasing the space allocation in the registry is much faster and easier than relocation
Any changes made to SYSVOL are automatically replicated to the other domain controllers in the domain. If the files stored in SYSVOL change frequently, the replication increases the input and output for the volume where SYSVOL is located. For example, editing a GPO can potentially force a GPO-level replication. If the volume is also host to other system files, such as the directory database or the pagefile, then the increased input and output for the volume can impact the performance of the server.
- Hardware maintenance.
System maintenance, such as removal of a disk drive, can require you to relocate SYSVOL. Even if the maintenance occurs on a different disk drive, verify that that maintenance does not affect the system volume. Logical drive letters could change after you add and remove disks. FRS locates SYSVOL by using pointers stored in the directory and the registry. If drive letters change after you add or remove disk drives, be aware that these pointers are not automatically updated.
- Backing up Group Policy objects (GPOs).
The successful operation of Group Policy is heavily dependant on the reliable operation of SYSVOL. Key components of the GPO exist in the SYSVOL (in the policies subdirectory) and it is essential that these remain in sync with related components in Active Directory. Therefore, backing up only the SYSVOL component does not represent a full and complete backup of your GPOs. The Group Policy Management Console (GPMC) provides both UI-based and scriptable methods for backing up GPOs. It is important that you back up GPOs as part of your regular backup/disaster recovery processes. Soon after installation of a new domain, the default domain and default domain controllers' GPOs should be backed up. They should also be backed up after any subsequent changes are made.
Understanding the SYSVOL folder structure
Before you attempt to relocate all or portions of the system volume, you must clearly understand the folder structure and the relationships between the folders and the path information that is stored in the registry and the directory itself. When folders are relocated, any associated parameters that are stored in the registry and the directory must be updated to match the new location. The folder structure contains junctions that might also require updating when folders get moved to a new location.
Maintaining the relationship between the folders, junctions, and stored parameters is important when you must relocate all or portions of SYSVOL. Failure to do so can result in files being replicated to or from the wrong location. It can also result in files failing to replicate, yet FRS will not report any errors. Due to the configuration error, FRS looks in the wrong location for the files that you want to replicate.
The folder structure used by the system volume uses a feature called a junction point. Junction points look like folders and behave like folders (in Windows Explorer you cannot distinguish them from regular folders), but they are not folders. A junction point contains a link to another folder. When a program opens it, the junction point automatically redirects the program to the folder to which the junction point is linked. The redirection is completely transparent to the user and the application.
For example if you create two folders, C:\Folder1 and C:\Folder2, and create a junction called C:\Folder3, and then link the junction back to Folder1, Windows Explorer displays three folders:
If you open Folder3, Windows Explorer is redirected to Folder1 and displays the contents of Folder1. You receive no indication of the redirection because it is transparent to the user and to Windows Explorer. If you look at the contents of Folder1, you see that it is exactly the same as the contents displayed when you open Folder3. If you open a command prompt and list a directory, all three folders appear in the output. The first two are type <DIR> and Folder3 is type <JUNCTION>. If you list a directory of Folder3, you see the contents of Folder1.
To create or update junctions, you need the Linkd.exe tool supplied with the Windows 2000 Server Resource Kit. Linkd allows you to create, delete, update, and view the links that are stored in junction points.
By default, the system volume is contained in the %systemroot%\SYSVOL folder. The tree of folders contained within this folder can be extensive, depending on how your network uses FRS. When relocating folders in the system volume, ensure that you move all folders (including any hidden folders) and ensure that the relationships of the folders do not change unintentionally. When you relocate folders, you need to be concerned with the first three levels of subdirectories in order to properly update the parameters used by FRS. These levels are affected by junction points and parameter settings. These folders include:
%systemroot%\SYSVOL\Staging Areas FQDN
(where FQDN is the fully qualified domain name of the domain that this domain controller hosts.)
If any of the folders do not appear in Windows Explorer, click Tools and then click Folder Options. On the View tab, select Show hidden files and folders.
If you use Windows Explorer to view these folders, they appear to be typical folders. If you open a command prompt and type dir to list these folders, you will notice two special folders are listed as <JUNCTION>. Both folders labeled FQDN are junction points. The junction in %systemroot%\SYSVOL\Sysvol links to %systemroot%\SYSVOL\Domain. The junction in %systemroot%\SYSVOL\Staging Areas is linked to %systemroot%\SYSVOL\Staging\Domain. If you change the path to the folders to which the junctions are linked, you must also update the junctions, including drive letter changes and folder changes.
Besides junction points linking to folders within the system volume tree, the registry and the directory also store references to folders. These references contain paths that you must update if you change the location of the folder. FRS uses two values that are stored in the directory. The first value, fRSRootPath, points to the location of the policies and scripts that are stored in SYSVOL. By default, this location is the %systemroot%\SYSVOL\Domain folder. The second value, fRSStagingPath, points to the location of the folders used as the staging area. By default, this location is the %systemroot%\SYSVOL\Staging\Domain folder. The Net Logon service uses a parameter stored in the registry to identify the location of the folder that it uses to create the SYSVOL and NETLOGON share points. By default, this path is %systemroot%\SYSVOL\Sysvol. If you change the paths to these folders, you must update these values.
When relocating SYSVOL, you first move the entire folder structure to a new location; then you update all the junction points and the parameters that are stored in the registry and the directory in order to maintain the relationships between the parameters, the folders, and the junctions. Optionally, you can relocate the staging area and leave the rest of the system volume at its original location. In this case, you must update the fRSStagingPath parameter in the directory and the junction point stored at %systemroot%\SYSVOL\staging areas.