- Logon scripts are typically stored on the domain controller in the Netlogon share, which is located in the %systemroot%System32ReplImportsScripts folder.
- Once the script is placed in the share, it is automatically replicated to all domain controllers in the domain.
- Domain controllers without an SYSVOL share cannot do inbound replication because the original (source) domain controllers are in an error state.
Unraveling the Mysteries: Resolving SYSVOL and Netlogon Replication Issues
Understanding the Issue
Troubleshoot missing SYSVOL and Netlogon replication
If you are experiencing issues with missing SYSVOL and Netlogon replication on your Windows Server, there are a few steps you can take to troubleshoot and resolve the problem.
First, check the state values of the SYSVOL and Netlogon shares on your domain controllers. You can do this by running the following command: dfsrmig /getglobalstate. Make sure the state values are consistent across all domain controllers.
Next, verify that the DFS Replication service is running on all domain controllers. You can do this by opening the Services console and looking for “DFS Replication” in the list of services.
If the SYSVOL folder is empty or missing files, you may need to perform a manual sync or use the DFSRDIAG.exe command-line tool to troubleshoot replication issues.
It’s also worth checking for any driver issues that may be causing the problem. Update your drivers using a reliable driver updater tool like Outbyte Driver Updater to ensure compatibility and stability.
Resolving the Replication Problem
To troubleshoot missing SYSVOL and Netlogon replication, follow these steps:
1. Check the SYSVOL folder on your Windows Server. Open File Explorer and navigate to C:\Windows\SYSVOL. Ensure that the folder exists and contains the necessary files and folders.
2. Verify that the DFS Replication service is running. Open the Services console by pressing Windows key + R, typing “services.msc”, and hitting Enter. Look for the “DFS Replication” service and ensure it is running.
3. Check the status of the SYSVOL share. Open a command prompt with administrative privileges and run the command “net share SYSVOL” to verify that the share is present.
4. Verify the Netlogon service. Open the Services console and ensure that the “Netlogon” service is running.
If these steps do not resolve the replication problem, you may need to investigate further or seek assistance from a Windows Server expert. For more troubleshooting articles, visit the Microsoft Support website.
Steps to Fix the NETLOGON Folder Replication
- Check for DNS configuration issues
- Open Network Connections by right-clicking on the network icon in the taskbar and selecting Open Network & Internet settings.
- Click on Change adapter options.
- Right-click on the network connection being used and select Properties.
- Scroll down and double-click on Internet Protocol Version 4 (TCP/IPv4).
- Ensure that the Preferred DNS server and Alternate DNS server fields are correctly configured.
- Verify the health of the Active Directory Domain Services (AD DS)
- Open Server Manager.
- Select Tools and click on Active Directory Users and Computers.
- Expand the domain node and select the Domain Controllers container.
- Right-click on the domain controller and choose Properties.
- Go to the General tab and check if the This domain controller is a global catalog option is selected.
- If it is not selected, select the option and click Apply.
- Force replication of the SYSVOL folder
- Open Command Prompt as an administrator.
- Run the command dfsrdiag PollAD /Member:%computername% to manually trigger replication.
- Wait for the replication process to complete.
- Reset the Netlogon share
- Open Command Prompt as an administrator.
- Run the command net share Netlogon /delete to delete the Netlogon share.
- Run the command net share Netlogon=C:\Windows\SYSVOL\sysvol\DomainName\Scripts /GRANT:Everyone, FULL to recreate the Netlogon share.
- Restart the Netlogon service
- Open Services by pressing Win+R and typing services.msc.
- Scroll down to locate the Netlogon service.
- Right-click on the Netlogon service and select Restart.
powershell
# Import the Active Directory module
Import-Module ActiveDirectory
# Get a list of domain controllers in the current domain
$domainControllers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name
# Loop through each domain controller and check netlogon replication status
foreach ($dc in $domainControllers) {
$replicationStatus = Get-WmiObject -Class Win32_NTEventlogFile -Filter "LogFileName='System' AND EventCode='5719' AND TimeGenerated >= '$((Get-Date).AddHours(-24).ToString("yyyyMMddHHmmss.000000+000"))'" -ComputerName $dc
if ($replicationStatus) {
Write-Host "Netlogon folder replication issue detected on $dc"
# Add further actions or notifications as per your requirements
}
else {
Write-Host "No netlogon folder replication issue detected on $dc"
}
}
Please note that this code only serves as a starting point and may not directly solve your specific replication issue. It demonstrates how you can use PowerShell and the Active Directory module to query event logs for specific replication-related events (5719 in this case) and take further actions based on the results. It is recommended to adapt and customize the code according to your specific requirements and environment.
Preventing Future Replication Issues
To prevent future replication issues when troubleshooting missing SYSVOL and Netlogon replication, follow these steps:
1. Check the SYSVOL Share and Netlogon Share on all domain controllers. Make sure they are accessible and contain the necessary files and folders.
2. Verify the replication status between domain controllers. Use the Repadmin tool or PowerShell cmdlets to check replication errors or delays.
3. Review the event logs for any related errors or warnings. Look for Event IDs 13508 and 13509, which indicate replication problems.
4. Determine if the replication issue is caused by FRS (File Replication Service) or DFSR (Distributed File System Replication). Refer to Microsoft documentation for guidance on troubleshooting specific replication methods.
5. Consider seeding SYSVOLs to resolve replication issues. This involves manually copying the SYSVOL contents from a healthy domain controller to the affected ones.
6. Ensure that all domain controllers are running the same Windows Server version and have the latest updates installed.
By following these steps, you can identify and resolve replication issues, ensuring the proper functioning of your domain system and preventing future malfunctions. For more detailed instructions, refer to Microsoft articles or consult with IT professionals familiar with the subject matter.
Mark Ginter is a tech blogger with a passion for all things gadgets and gizmos. A self-proclaimed "geek", Mark has been blogging about technology for over 15 years. His blog, techquack.com, covers a wide range of topics including new product releases, industry news, and tips and tricks for getting the most out of your devices. If you're looking for someone who can keep you up-to-date with all the latest tech news and developments, then be sure to follow him over at Microsoft.
