Sysvol and netlogon share importance in Active Directory

Sysvol and netlogon share importance in Active Directory



1.what is sysvol and contents it includes

Sysvol is an important component of Active Directory. The Sysvol folder is shared on an NTFS volume on all the domain controllers in a particular domain. Sysvol is used to deliver the policy and logon scripts to domain members.

 By default sysvol includes 2 folders
 
 1.Policies - (Default location - %SystemRoot%\Sysvol\Sysvol\domain_name\Policies)
 2.Scripts - (Default lcation - %SystemRoot%\Sysvol\Sysvol\domain_name\Scripts)

Note - We can go ahead and change these default locations.

2.Imprtance of sysvol.

As I mentioned above , Sysvol contains 2 folders namely Policies and Scripts

Policies - Under Policies folder all the Group policies which are defined in a particluar domain exist. Refer the screenshot

 


Note that you can see 3 GPT's are available in above screenshot. When you create new group policy in your active directory then a set of folder are created under Policies folder.
For Eg - I am Creating a Policy called disable screen saver in my domain and linking that policy to my OU. When I hit create new policy button in GPMC , It will create one GUID Name folder under Policies folder which will be associated to Disable screen saver GPO.

To make this simple , Above screen shot has 3 GPT's that mean 3 Group Policies are present in test.tld domain.

I hope , my statements are not confusing when I use words like GPO,GPT,GPC
If someone is getting confused please refer below link which explains about these terms.

http://www.gpoguy.com/FAQs/Whitepapers/tabid/63/articleType/ArticleView/articleId/6/Understanding-Group-Policy-Storage.aspx

So when you make changes to particular Group policy objects that changes will be committed to Assocaited GUID name folder under Sysvol.

In short

    Importance of Sysvol folder is , it holds the GPT , and whenever an administrator makes any changes to any of the policies , that changes will be committed to assocated GUID name folder and then they will be replicated to all Domain controllers.

 

3.Sysvol replication methods.

 

Sysvol can be replicated to all the domain controllers using Distributed File System Replication (DFS-R) if the domain functional level is Windows Server 2008 or higher, or it is replicated using File Replication System (FRS).

For information about DFS-R, see DFS Replication: Frequently Asked Questions (FAQ) and see http://blogs.technet.com/b/askds/archive/2010/04/22/the-case-for-migrating-sysvol-to-dfsr.aspx.

Additionally, follow this link - http://technet.microsoft.com/en-us/library/dd640019(v=ws.10).aspx which explains how to migrate from FRS to DFS-R.

For FRS, the SYSVOL schedule is an attribute associated with each NTFRS Replica Set object and with each NTDS Connection object. FRS replicates SYSVOL using the same intrasite connection objects and schedule built by the KCC for Active Directory replication. FRS uses two replication protocols for SYSVOL:
  • SYSVOL connection within a site. The connection is always considered to be on; any schedule is ignored and changed files are replicated immediately.

  • SYSVOL connection between sites. SYSVOL replication is initiated between two intersite members at the start of the 15-minute interval, assuming the schedule is open. The connection is treated as a trigger schedule. The upstream partner ignores its schedule and responds to any request by the downstream partner. When the schedule closes, the upstream partner unjoins the connection only after the current contents of the outbound log, at the time of join, have been sent and acknowledged.
For more about FRS, see How FRS Works.

4. Common sysvol error and problems.

 

  A . Sysvol and Netlogon shares are missing.

 Take a senario , when you add a new domain controller to your domain and you see there is no sysvol and netlogon folder available on the domain controller

Note - Netlogon Share is not a Folder named Netlogon On Domain controller . In fact it is a folder where , all the logon scripts are stored. So as mentioned above , Script folder under sysvol folder will act as Netlogon share ( Location - %SystemRoot%\sysvol\sysvol\<domain DNS name>\scripts)

  This mainly occurs if the sysvol replication borken. In some cases after you added a new domain controller , sysvol replication may take some time.( Approximately you need to wait for some hours)

 B.Journal Wrap Error

 Read http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx , This article expalins what is Journal wrap error on sysvol , How it happens.

Above are most common errors when you consider sysvol in Active Directory.

Now,

Finally what are the steps we can follow when this Above errors are encoutered.

5. Troubleshooting Sysvol Error messages

.

 A . Sysvol and Netlogon shares are missing.

 As I mentioned before it might be an issue with sysvol replication broken between Domain controllers.

You can start with forcing the replication between the doman controllers. Follow below link.

http://www.windowstricks.in/2009/11/force-sysvol-replication.html

If above does not help then,

Most popular method to resolve this is in below MS KB.

 http://support.microsoft.com/kb/947022


 B . Journal Wrap Error 
 
 If Journal wrap error occurs , then we can set a blurflag value to D2 in the registry on a domain controller where Journal wrap error events are getting generated. By doing this Domain controller will dump the pre-existing folders and start replicating new content from one of its FRS replication partners.

                                                                                                Or

We can set blurflag to D4 which does exactly opposite to above . That is , when you set D4 on a perticular domain controllers its data will act as Authorative , Result, all the domain controllers in your domain  will replicate from the Domain controller where this blurflag is set to D4

Note - Setting BlurFlag to D4 is the last option , 90% cases will be resolved by setting up blurflag to D2

Follow below articles which explains how to set these flags.

What happens in journal Wrap?

http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx

Restoring the SYSVOL when replicated through the NTFRS mechanism

http://blogs.dirteam.com/blogs/jorge/archive/2010/08/12/restoring-the-sysvol-non-authoritatively-when-either-using-ntfrs-or-dfs-r-part-1.aspx

Restoring the SYSVOL when replicated through the DFS-R mechanism

http://blogs.dirteam.com/blogs/jorge/archive/2010/08/13/restoring-the-sysvol-non-authoritatively-when-either-using-ntfrs-or-dfs-r-part-3.aspx

Hope this information helps to understand what is sysvol and how to trobuleshoot the problems of sysvol.

I will be posting some more articles , Keep watching for them :)

Regards,

_Prashan

Sort by: Published Date | Most Recent | Most Useful
Comments
  • This article has tons of errors. The main problem is that FRS replication DOES use AD schedules.

    Intra-site it's hard-coded for notifications for instantenous replication, inter-site FRS is NOT using notifications.

    It triggers replication each time the schedule opens, so at best every 15 minutes.

    You are confusing this behavior with the notifications DFS-R uses inter-site IF the scheulde is open for replication. See:

    blogs.technet.com/.../the-case-for-migrating-sysvol-to-dfsr.aspx

  • The article was updated to fix the mistakes.

  • 16Dec2012 - MS rep or Partner needs to correct many English Language errors found in this (and other content), otherwise anyone trying to follow this information will cause MORE problems than already exist, which WILL generate more MS Support activity. Clear information canNOT rely on automated translations...

Page 1 of 1 (3 items)