I came across a scenario the other week where a newly promoted 2012 R2 domain controller would not complete its initial SYSVOL replication and in doing so was failing to advertise properly as an available authentication server. The only way I was able to resolve this issue was to perform an authoritative synchronisation of the SYSVOL folder using the PDC as the master.
To perform this, follow the steps below. You should install the DFS Replication role on each domain controller in order to use the DFSR command tools.
1. Open ADSI Edit on the PDC and connect to the default naming context.
2. Navigate to CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>,DC=<local>
3. Modify the attribute msDFSR-Enabled=FALSE
4. Modify the attribute msDFSR-Options=1
5. Force AD replication throughout the forest. You can do this by running repadmin /replicate <other dc fqdn> <pdc fqdn> "DC=domain,DC=local" /full /force
6. Next, set the attribute msDFSR-Enabled=FALSE on all other domain controllers and repeat step 5
7. Start the DFSR service on the PDC and set as authoritative
8. Look for Event ID 4114 in the DFSR event log
9. Modify the attribute msDFSR-Enabled=TRUE on the PDC
10. Repeat step 5
11. Run DFSRDIAG POLLAD from the PDC
12. Look for Event ID 4602 to indicate SYSVOL has been initialised
13. Start the DFSR service on all other domain controllers; you should see Event ID 4114 in each event log
14. Modify the attribute msDFSR-Enabled=TRUE on all other domain controllers
15. Repeat step 5
16. Run DFSRDIAG POLLAD on all other domain controllers
17. SYSVOL should now replicate between all domain controllers having this issue
To force a SYSVOL replication, you can use the DFSR command-line tool from the PDC:
DFSRDIAG SyncNow /Partner:<other dc fqdn> /RGName:"Domain System Volume" /Time:5
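
A read-only way to confirm where each domain controller stands during the steps above, as an added example that is not part of the original post: it reads msDFSR-Enabled and msDFSR-Options from every DC's SYSVOL subscription object and reports the most recent Event ID 4114 and 4602. It assumes the ActiveDirectory PowerShell module is installed, that the DFSR event log is named "DFS Replication", and that you can read it remotely; the function name Get-SysvolDfsrState is made up for this example.

```powershell
# Added example: read-only status check, changes nothing in AD or DFSR.
# Assumes the ActiveDirectory RSAT module and remote event log access.
Import-Module ActiveDirectory

function Get-SysvolDfsrState {
    param([int]$MaxEvents = 50)

    $pdc = (Get-ADDomain).PDCEmulator

    foreach ($dc in Get-ADDomainController -Filter *) {
        # The subscription object edited in ADSI Edit in the steps above
        $dn = "CN=SYSVOL Subscription,CN=Domain System Volume," +
              "CN=DFSR-LocalSettings,$($dc.ComputerObjectDN)"

        # Query the DC itself so the value reflects what that DC has replicated
        $sub = try {
            Get-ADObject -Identity $dn -Server $dc.HostName `
                -Properties 'msDFSR-Enabled', 'msDFSR-Options' -ErrorAction Stop
        } catch { $null }

        # Get-WinEvent errors when nothing matches, so silence that case
        $events = Get-WinEvent -ComputerName $dc.HostName -MaxEvents $MaxEvents `
            -FilterHashtable @{ LogName = 'DFS Replication'; Id = 4114, 4602 } `
            -ErrorAction SilentlyContinue

        [pscustomobject]@{
            DomainController = $dc.HostName
            IsPDC            = ($dc.HostName -eq $pdc)
            Enabled          = $sub.'msDFSR-Enabled'
            Options          = $sub.'msDFSR-Options'
            # Events are returned newest first
            Last4114         = ($events | Where-Object Id -eq 4114 |
                                   Select-Object -First 1).TimeCreated
            Last4602         = ($events | Where-Object Id -eq 4602 |
                                   Select-Object -First 1).TimeCreated
            # A DC that is advertising should expose the SYSVOL share
            SysvolShare      = Test-Path "\\$($dc.HostName)\SYSVOL"
        }
    }
}

Get-SysvolDfsrState | Format-Table -AutoSize
```

Run it after each "repeat step 5" to see whether the attribute change has reached every domain controller before moving on.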