Active Directory Forest Recovery - Perform an authoritative synchronization of DFSR-replicated SYSVOL

Artikel
07/10/2023

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2 and 2012

There are different ways to perform an authoritative restore of SYSVOL. You can either edit the msDFSR-Options attribute or perform a system state restore using wbadmin –authsysvol. If you have the option to restore a system state backup (that is, you're restoring AD DS to the same hardware and operating system instance) then using wbadmin –authsysvol is simpler. But if you need to perform a bare metal restore, then you need to edit the msDFSR-Options attribute.

Use the following steps to perform an authoritative synchronization of SYSVOL (if it's replicated using DFSR) by editing the msDFSR-Options attribute. Note it can also be done using PowerShell.

To perform an authoritative synchronization of DFSR-replicated SYSVOL using Active Directory Users and Computers

Open Active Directory Users and Computers.
Select View, and then select Users, Contacts, Groups, and Computers as containers and Advanced Features.
In the tree-view, select Domain Controllers, the name of the DC you restored, DFSR-LocalSettings, and then Domain System Volume.
In the Details pane, right-click SYSVOL Subscription, select Properties, and select Attribute Editor.
Select msDFSR-Options, select Edit, type 1, and select OK.
Select OK to close the Attribute Editor.

Verify if the authoritative restore is successful using PowerShell

After the previous operation, restart the DFSR service:

Restart-Service DFSR -PassThru
Verify the presence if Event ID 4602

Get-WinEvent -LogName 'DFS Replication' | Where-Object ID -EQ 4602 | Format-Table -AutoSize -Wrap

Active Directory Forest Recovery - Perform an authoritative synchronization of DFSR-replicated SYSVOL

Verify if the authoritative restore is successful using PowerShell

Next steps

Feedback

Aanvullende resources