How to troubleshoot a replica domain controller that is missing the SYSVOL and NETLOGON shares

  

This problem occurs on a Windows Server 2003 domain controller, and it can also happen on the first domain controller in a new domain. Perform these steps on the replica domain controller; for the first domain controller in the domain, perform all of the steps except those that are specific to replication.

• NTDS connection objects exist in the directory service of each replication partner.

The NTDS connection is a one-way connection. The directory service uses these connections to replicate Active Directory, and the File Replication Service (FRS) uses these connections to replicate the file system portion of the system policy in the SYSVOL folder. The Knowledge Consistency Checker (KCC) is responsible for establishing NTDS connection objects to form a well-connected topology between domains and domain controllers in the forest. If there is no automatic connection, the administrator can also create a manual connection object.

Use the Sites and Services (Dssite.msc) snap-in to check for connection objects that exist between the problem computer and an existing domain controller. To replicate between computers \\M1 and \\M2, \\M1 must have an inbound connection object from \\M2, and \\M2 must have an inbound connection object from \\M1. Use the Connect to Domain Controller command in Dssite.msc to view and compare each domain controller's perspective of the connection objects in the domain.

If the new replica member does not have a connection object, use the Check Replication Topology command in Dssite.msc to force KCC to create an automatic connection object. After doing this, press the F5 key to refresh the view.

If KCC cannot establish an automatic connection, the administrator must establish a manual connection object for a domain controller that does not have an inbound or outbound connection to or from another domain controller in the domain. If you create a single valid manual connection object, KCC can successfully establish an automatic connection object. Remove duplicate manual or automatic connections from the same domain controller in the domain to avoid configurations that prohibit replication. For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:
251250 (http://support.microsoft.com/kb/251250/EN-US/) NTFRS Event ID 13557 Is Recorded When Duplicate NTDS Connection Objects Exist
• Active Directory replication takes place between the new domain controller in the domain and the existing domain controller.

Use Repadmin.exe to verify that Active Directory replication is occurring between the source domain controller and the target domain controller in the same domain at the scheduled replication interval. The default replication interval between domain controllers in the same site is 5 minutes. The default replication interval between domain controllers in different sites is 3 hours, and the minimum is 15 minutes.
REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%

REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%
FRS replication depends on Active Directory to replicate configuration information between domain controllers in the domain. If you think there is a problem with replication, check the replication events in Event Viewer. To do this, set the Replication Event entry in the following registry key to 5 on the potential source computer (\\M1) and the target computer (\\M2):
HKEY_LOCAL_MACHINE\System\CCS\Services\NTDS\Diagnostics\
After setting this entry, use the Replicate Now command in Dssite.msc or the equivalent command in REPLMON to force replication from \\M1 to \\M2 and from \\M2 to \\M1.
• The server used to source Active Directory and the SYSVOL folder should itself have created the NETLOGON and SYSVOL shares.

After the Dcpromo.exe program restarts the computer, FRS first attempts to source the SYSVOL share from the computer identified in the Replica Set Parent Server entry in the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\Domain Name
Note: This entry is temporary and will be deleted after the source of SYSVOL is found or after the information under SYSVOL is successfully copied.

The 2195 release of Ntfrs.exe prohibits replication from this initial source server. This delays SYSVOL replication until FRS can attempt to replicate from an inbound replication partner in the domain through an automatic or manual NTDS connection object.

Typically, all potential source domain controllers in the domain have shared the NETLOGON and SYSVOL shares, and the default domain and domain controller policies have been applied.

SYSVOL folder structure:
• domain
  • DO_NOT_REMOVE_NtFrs_PreInstall_Directory
  • Policies
    • {GUID}
      • Adm
      • MACHINE
      • USER
    • {GUID}
      • Adm
      • MACHINE
      • USER
    • {etc.,}
  • scripts
• staging
• staging areas
  • myDomainName.com
    • scripts
• sysvol (sysvol share)
  • myDomainName.com
    • DO_NOT_REMOVE_NtFrs_PreInstall_Directory
    • Policies
      • {GUID}
        • Adm
        • MACHINE
        • USER
      • {GUID}
        • Adm
        • MACHINE
        • USER
      • {etc.,}
    • scripts (NETLOGON share)


• The "Access this computer from the network" privilege must be granted to the Enterprise Domain Controllers group in the default domain controller policy on the domain controller organizational unit.

Active Directory replication that takes place while Dcpromo.exe is running uses the credentials provided in the Active Directory Installation Wizard. After the restart, replication takes place in the context of the domain controller's computer account. All source domain controllers in the domain must successfully replicate and apply the policy that grants the "Access this computer from the network" privilege to the "Enterprise Domain Controllers" group. For quick verification, look for event 1704 in the application log of the potential source domain controller. For detailed verification, run a security configuration analysis and check the log output for the Basicdc.inf template. Note that this requires defining environment variables for SYSVOL, DSLOG, and DSIT. For additional information about how to do this, click the article number below to view the article in the Microsoft Knowledge Base:
250454 (http://support.microsoft.com/kb/250454/EN-US/) Error Returned Importing Security Template
In Windows Server 2003, there is no Basicdc.inf template. To reapply the default settings or compare the current settings to the default settings, use the "Setup security.inf" template.
• Each domain controller must be able to resolve (ping) the fully qualified computer name of the computers that participate in the replica set.

For SYSVOL, this means pinging the fully qualified computer name of all domain controllers in the domain. Verify that the address returned by the ping command matches the IP address returned by IPCONFIG at the console of each replica set partner.
• The FRS service must have created the NTFRS jet database.

Run the DIR \\computername\Admin$\NTFRS\Jet command for each domain controller in the domain to confirm the existence of the Ntfrs.jdb file. The date and size of the jet database may not be accurate while the NTFRS service is running. This behavior is by design.
• Each domain controller must be a member of the SYSVOL replica set.

On all replica set members, run the NTFRSUTL DS [computer name] command. Verify that all domain controllers in the domain are displayed under the "SET:DOMAIN SYSTEMVOLUME (SYSVOL SHARE)" section of the NTFRSUTL output. When you turn on Advanced Features on the View menu, the SYSVOL replica set and its members can also be displayed in the Active Directory Users and Computers (Dsa.msc) snap-in under cn="domain system volume",cn=file replication service,cn=system,dc=FQDN.
• Each domain controller must be a subscriber to the replica set.

On all replica set members, run the NTFRSUTL DS [computer name] command. Subscriber objects are displayed in cn=domain system volume (SYSVOL share), cn=NTFRS Subscriptions, CN=DCNAME, OU=Domain Controllers, DC=FQDN. This requires that the computer object exists and has been replicated. NTFRSUTL can generate the following message when a subscriber object is missing:
SUBSCRIPTION:NTFRS SUBSCRIPTIONS
DN : cn=ntfrs subscriptions,cn=W2KPDC,ou=domain controllers,dc=d...
Guid : 5c44b60b-8f01-48c6-8604c630a695dcdd
Working : f:\winnt\ntfrs
Actual Working: f:\winnt\ntfrs
WIN2K-PDC IS NOT A MEMBER OF A REPLICA SET!
• The replication schedule must be turned on.
• The logical drive hosting the SYSVOL share and the staging folder must have plenty of free disk space on both the upstream and downstream partners. For example, free space equal to 50% of the content you are trying to replicate and three times the size of the largest file being replicated.
• Check the target folder and the staging folder of the new replica (shown in "NTFRSUTL DS") to see whether files are being replicated. Files in the staging folder must be in the process of being moved to their final location. A changing number of files in the staging folder or the target folder is a useful signal: it shows that files are being replicated into the target folder or are being moved into it.
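
The checks in the list above that can be run without changing anything (shares present, name resolution, jet database, free disk space), as an added PowerShell example that is not part of the original article. The function name Test-SysvolPrerequisite, the $DomainControllers list and its FQDNs are assumptions for illustration.

```powershell
# Added example (not from the original article): read-only checks, run with
# administrative rights from Windows PowerShell 3.0-5.1.
# Placeholder FQDNs (assumption): list every domain controller in the domain.
$DomainControllers = 'm1.mydomainname.com', 'm2.mydomainname.com'

function Test-SysvolPrerequisite {
    param([Parameter(Mandatory)][string]$ComputerName)

    # SYSVOL and NETLOGON shares as the domain controller itself reports them.
    $shares = @(Get-WmiObject -Class Win32_Share -ComputerName $ComputerName `
                    -Filter "Name='SYSVOL' OR Name='NETLOGON'")
    $sysvol = $shares | Where-Object { $_.Name -eq 'SYSVOL' }

    # Every address the FQDN resolves to must be one the DC owns
    # (the ping versus IPCONFIG comparison).
    $resolved = @()
    try {
        $resolved = @([System.Net.Dns]::GetHostAddresses($ComputerName) |
                        ForEach-Object { $_.IPAddressToString })
    } catch { }   # an unresolved name leaves $resolved empty
    $owned = @(Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                   -ComputerName $ComputerName -Filter 'IPEnabled=TRUE' |
                   ForEach-Object { $_.IPAddress })
    $strays = @($resolved | Where-Object { $owned -notcontains $_ })
    $dnsOk = ($resolved.Count -gt 0) -and ($strays.Count -eq 0)

    # The FRS jet database must exist.
    $jetOk = Test-Path -LiteralPath "\\$ComputerName\Admin`$\NTFRS\Jet\Ntfrs.jdb"

    # Free space on the drive hosting the share: at least 50% of the content and
    # three times the largest file. A staging folder on another drive is not covered.
    $spaceOk = $null
    if ($sysvol) {
        $stats = Get-ChildItem -LiteralPath "\\$ComputerName\SYSVOL" -Recurse -File `
                     -ErrorAction SilentlyContinue |
                 Measure-Object -Property Length -Sum -Maximum
        $disk = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $ComputerName `
                    -Filter "DeviceID='$($sysvol.Path.Substring(0, 2))'"
        $spaceOk = $disk.FreeSpace -ge [Math]::Max(0.5 * $stats.Sum, 3 * $stats.Maximum)
    }

    [pscustomobject]@{
        ComputerName = $ComputerName; SysvolShare = [bool]$sysvol
        NetlogonShare = [bool]($shares | Where-Object { $_.Name -eq 'NETLOGON' })
        NameResolution = $dnsOk; NtfrsJetDb = $jetOk; FreeSpaceOk = $spaceOk
    }
}

$DomainControllers | ForEach-Object { Test-SysvolPrerequisite -ComputerName $_ } | Format-Table -AutoSize
```

A row with SysvolShare or NetlogonShare set to False identifies a domain controller that should not be used as a replication source until the remaining items in the list have been worked through for it.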
