Complete restore of 2 Domain Controllers. 2008 Functional Domain, no FRS, DFSR only. SYSVOL not replicating.
Please read before mentioning other articles, I've spent hours researching forums and KBs.
I recently had to do a complete restore of our two domain controllers (one per site) due to a DNS error with no backup. (yes, backups now occurring) Alls well after the restore. AD Replication works, DNS functions as it used to. Inbound connections test cleanly between domain controllers. The only problem is DFS-R does not appear to be replicating the SYSVOL folder. I have found a TON of info about this situation, but I wanted to ask with my scenario in mind, and what you all think the best option would be to get SYSVOL back in sync for me.
Currently we are on a 2008 Functional Domain, so there is no FRS running, that takes 90% of the support artciles out of the question for me.
I was planning on doing an ASDIedit on DC1 and making it the authoritative DFSR, while then making DC2 the non-authorative and forcing the sync. That requires registry changes, and doesn't look like it always does the trick from previous responses.
My wonder if it's a better option simply to demote DC2, and then promote it again. DC1 is in working shape after the rebuild, and a demote/promote would be fairly painless as DC2 is only doing DHCP, DNS, and Print Serving. No files served. My wonder is, will a proper demote/promote of JUST DC2 fix the DFSR sync issues?
Any help greatly appreciated. Thanks all.
Have you considered/tried resetting the secure channel between the 2 DC and then forcing replication using repadmin /syncall?
To reset the secure channel you can use the nltest command. For complete cmd list check the following article:
Hope it helps.
MCTS - Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.