FRS to DFS-R SYSVOL Upgrade

Authored by Paul Harris

What is the SYSVOL?

In simple terms, Active Directory’s SYSVOL exists on every Domain Controller in your domain. It contains your network’s synchronized public files that clients access. The default location is C:\Windows\SYSVOL but it can be placed anywhere during the Domain Controller Promotion (DCPromo) process.

 

FRS vs DFS-R

FRS is the legacy file replication technology for Windows Server. It is a multi-master, multi-threaded technology. Any server can make changes, and entire files will be updated on the neighboring servers.

Any new domain built on Windows 2008 or newer will use DFS-R for SYSVOL. Upgrading functional levels does not upgrade FRS to DFS-R. Starting with Windows Server version 1709 (2016), you will see an error when trying to promote a server to be a Domain Controller in a domain that still uses FRS for SYSVOL. The biggest improvement is that DFS-R only replicates the pieces of data that have changed, making it far more efficient than FRS.

 

How to Upgrade

First off, you can run dfsrmig /getmigrationstate in a command prompt on your primary DC to check if your domain has been upgraded. If it reports back with “State 0: Start”, your domain has not been upgraded yet. Also, please verify that the built-in Administrators group still possesses the “Manage Auditing and Security Log” user right on all DCs. This is the default, but someone may have removed it.

There are a couple ways you can migrate. This TechNet post summarizes all three (https://techcommunity.microsoft.com/t5/Storage-at-Microsoft/Streamlined-Migration-of-FRS-to-DFSR-SYSVOL/ba-p/425405#express). I believe the middle option (Express Migration) is a great fit if you have a good process in place for monitoring your domain’s health.

Nevertheless, it is still wise to run dcdiag and repadmin checks to make sure all Domain Controllers are replicating and healthy. Other tools exist for this as well. Also, I would suggest taking backups of your Domain Controllers before starting the process. You’re only as good as your last backup!

 

  1. Log onto the Domain Controller that has the PDC Emulator FSMO role and run dfsrmig /setglobalstate 1 in an Administrative command prompt. This will bring you to the “Prepared” state. The command prompt window will not auto-update, so you’ll need to run dfsrmig /getmigrationstate to check progress. This first step is complete when all DCs report a consistent state, and the getmigrationstate command reports back with: “All domain controllers have migrated successfully to the Global state (Prepared).”

 

  2. Next you will run dfsrmig /setglobalstate 2 and migrate to a Redirected state. As before, you’ll need to wait for dfsrmig /getmigrationstate to report back with “All domain controllers have migrated successfully to the Global state (Redirected).”

 

  3. Lastly, we will move to the “Eliminated” state. At this point, DFS-R is replicating SYSVOL and the FRS service is stopped. There is no going back after this step is run. Make sure all your DCs have caught up with the changes so far and run the final command: dfsrmig /setglobalstate 3. Once dfsrmig /getmigrationstate reports back “All domain controllers have migrated successfully to the Global state (Eliminated)”, you are finished.
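
The three steps above can be wrapped so that each state change is refused until every DC reports the previous state, and the irreversible state 3 needs an explicit switch. This PowerShell sketch is an added example, not part of the original post or of Microsoft's tooling; the function names, the -ConfirmEliminate switch and the sample output are assumptions made for illustration.

```powershell
# Added example; function names are hypothetical, not part of dfsrmig.
$StateNames = @{ 1 = 'Prepared'; 2 = 'Redirected'; 3 = 'Eliminated' }

function Test-MigrationStateReached {
    param(
        [string[]]$Lines = @(),                      # lines printed by dfsrmig /getmigrationstate
        [Parameter(Mandatory)][ValidateRange(1, 3)][int]$State
    )
    $name = $StateNames[$State]
    # Success sentence as quoted in the steps above; optional quotes around the
    # state name are tolerated (assumption about the tool's exact formatting).
    $pattern = "All domain controllers have migrated successfully to the Global state \('?${name}'?\)"
    return (($Lines -join "`n") -match $pattern)
}

function Invoke-SysvolMigrationStep {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 3)][int]$State,
        [int]$PollSeconds = 60,
        [switch]$ConfirmEliminate                    # must be set explicitly for state 3
    )
    if ($State -eq 3 -and -not $ConfirmEliminate) {
        throw 'State 3 (Eliminated) cannot be rolled back; re-run with -ConfirmEliminate.'
    }
    if ($State -gt 1) {
        # Refuse to advance until every DC reports the previous state.
        $before = dfsrmig /getmigrationstate
        if (-not (Test-MigrationStateReached -Lines $before -State ($State - 1))) {
            throw "Not all DCs have reached '$($StateNames[$State - 1])'; not advancing."
        }
    }
    dfsrmig /setglobalstate $State
    do {
        Start-Sleep -Seconds $PollSeconds
        $after = dfsrmig /getmigrationstate
    } until (Test-MigrationStateReached -Lines $after -State $State)
    "All DCs report '$($StateNames[$State])'."
}

# Offline check of the parser against constructed output (not captured from a real domain).
$sample = @(
    'All domain controllers have migrated successfully to the Global state (Prepared).',
    '',
    'Migration has reached a consistent state on all domain controllers.'
)
if (-not (Test-MigrationStateReached -Lines $sample -State 1)) { throw 'parser missed Prepared' }
if (Test-MigrationStateReached -Lines $sample -State 2) { throw 'parser matched the wrong state' }
```

Run Invoke-SysvolMigrationStep from an elevated session on the PDC Emulator, once per state, after the dcdiag, repadmin and backup checks described earlier.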

 

For more information please refer to the current Microsoft docs: FRS to DFSR Migration.