다음을 통해 공유

Active Directory: SYSVOL and NETLOGON

  • 아티클

1.  What SYSVOL is and what it contains.

SYSVOL is an important component of Active Directory.  
The SYSVOL folder is shared on an NTFS volume on all the domain controllers within a particular domain.
SYSVOL is used to deliver the policy and logon scripts to domain members.

By default, SYSVOL includes 2 folders:

  1. Policies
    Default location:  %SystemRoot%\SYSVOL\SYSVOL\<domain_name>\Policies

  2. Scripts
    Default location:  %SystemRoot%\SYSVOL\SYSVOL\<domain_name>\scripts

*Note: * These default locations can be changed.

2.  The importance of SYSVOL.

As I mentioned above, SYSVOL contains 2 folders: "Policies" and "Scripts."

Policies:  Under the Policies folder all the Group policies which are defined in a particular domain exist. Refer to the screenshot

 

Note that you can see 3 GPT's are available in above screenshot. When you create a new group policy in your active directory then a set of folder are created under Policies folder.

For example: I am creating a Policy called "disable screen saver" in my domain and linking that policy to my OU. When I hit create new policy button in GPMC , It will create one GUID Name folder under Policies folder which will be associated to Disable screen saver GPO.

The above screenshot has 3 GPTs that mean 3 Group Policies are present in test.tld domain.

I hope my statements are not confusing when I use words like GPO, GPT, GPC
If someone is getting confused please refer below link which explains about these terms.

http://www.gpoguy.com/FAQs/Whitepapers/tabid/63/articleType/ArticleView/articleId/6/Understanding-Group-Policy-Storage.aspx

So when you make changes to particular Group policy objects that changes will be committed to Associated GUID name folder under SYSVOL.

In short:

The importance of SYSVOL folder: it holds the GPT, and whenever an administrator makes any changes to any of the policies, those changes will be committed to the associated GUID name folder and then they will be replicated to all Domain controllers.

3.  SYSVOL replication methods.

 

SYSVOL can be replicated to all the domain controllers using Distributed File System Replication (DFS-R) if the domain functional level is Windows Server 2008 or higher, or it is replicated using File Replication System (FRS).

For information about DFS-R, see DFS Replication: Frequently Asked Questions (FAQ) and see http://blogs.technet.com/b/askds/archive/2010/04/22/the-case-for-migrating-SYSVOL-to-dfsr.aspx.

Additionally, follow this link - http://technet.microsoft.com/en-us/library/dd640019(v=ws.10).aspx which explains how to migrate from FRS to DFS-R.

For FRS, the SYSVOL schedule is an attribute associated with each NTFRS Replica Set object and with each NTDS Connection object. FRS replicates SYSVOL using the same intrasite connection objects and schedule built by the KCC for Active Directory replication. FRS uses two replication protocols for SYSVOL:

  • SYSVOL connection within a site. The connection is always considered to be on; any schedule is ignored and changed files are replicated immediately.

  • SYSVOL connection between sites. SYSVOL replication is initiated between two intersite members at the start of the 15-minute interval, assuming the schedule is open. The connection is treated as a trigger schedule. The upstream partner ignores its schedule and responds to any request by the downstream partner. When the schedule closes, the upstream partner unjoins the connection only after the current contents of the outbound log, at the time of join, have been sent and acknowledged.

For more about FRS, see How FRS Works.

4. Common SYSVOL error and problems.

 

A . SYSVOL and NETLOGON shares are missing.

Take a scenario, when you add a new domain controller to your domain and you see there is no SYSVOL and NETLOGON folder available on the domain controller

Note - NETLOGON Share is not a Folder named NETLOGON On Domain controller . In fact it is a folder where , all the logon scripts are stored. So as mentioned above , Script folder under SYSVOL folder will act as NETLOGON share ( Location - %SystemRoot%\SYSVOL\SYSVOL\domain DNS name>\scripts)

This mainly occurs if the SYSVOL replication is broken. In some cases after you added a new domain controller , SYSVOL replication may take some time.( Approximately you need to wait for some hours)

 **B.Journal Wrap Error

**Read http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx , This article explains what is Journal wrap error on SYSVOL , How it happens.

Above are most common errors when you consider SYSVOL in Active Directory.

Now,

Finally what are the steps we can follow when this Above errors are encountered.

5. Troubleshooting SYSVOL Error messages

.

A . SYSVOL and NETLOGON shares are missing.

As I mentioned before it might be an issue with SYSVOL replication broken between Domain controllers.

You can start with forcing the replication between the domain controllers. Follow below link.

http://www.windowstricks.in/2009/11/force-SYSVOL-replication.html

If above does not help, then here is the most popular method to resolve this:

[http://support.microsoft.com/kb/947022

](http://support.microsoft.com/kb/947022)
**B . Journal Wrap Error 
** 
If Journal wrap error occurs , then we can set a burflag value to D2 in the registry on a domain controller where Journal wrap error events are getting generated. By doing this Domain controller will dump the preexisting folders and start replicating new content from one of its FRS replication partners.

                        or

We can set burflag to D4 which does exactly opposite to above . That is , when you set D4 on a particular domain controllers its data will act as Authoritative , Result, all the domain controllers in your domain  will replicate from the Domain controller where this burflag is set to D4

Note - Setting BurFlag to D4 is the last option , 90% cases will be resolved by setting up burflag to D2

Follow below articles which explains how to set these flags.

What happens in journal Wrap?

http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx

Restoring the SYSVOL when replicated through the NTFRS mechanism
**
http://blogs.dirteam.com/blogs/jorge/archive/2010/08/12/restoring-the-SYSVOL-non-authoritatively-when-either-using-ntfrs-or-dfs-r-part-1.aspx

Restoring the SYSVOL when replicated through the DFS-R mechanism

http://blogs.dirteam.com/blogs/jorge/archive/2010/08/13/restoring-the-SYSVOL-non-authoritatively-when-either-using-ntfrs-or-dfs-r-part-3.aspx

Hope this information helps to understand what is SYSVOL and how to troubleshoot the problems of SYSVOL.

I will be posting some more articles , Keep watching for them :)

Regards,

_Prashan

**