Migrating the File Replication Service (FRS) to Distributed File System Replication (DFSR) for SYSVOL Replication
Let’s say you are trying to upgrade one of your Active Directory Domain Controllers (DCs) running on a previous version of Windows Server to Windows Server 2019. You may see the following error:
Verification of replica failed. The specified domain [DomainName] is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.
What is SYSVOL Anyway?
The SYSVOL folder on drive C of DCs is used to replicate logon scripts and group policy files to other DCs. The older versions of Windows Server (2000/2003) used FRS to replicate SYSVOL. Starting with Windows Server 2008, Microsoft decided to use Distributed File System Replication (DFSR) to replicate the SYSVOL folder for domains that have the Domain Functional Level (DFL) set to Windows Server 2008. However, if the DFL isn’t raised to at least Windows Server 2008 then the DCs still use the older FRS to replicate SYSVOL.
DFSR is much more reliable and scalable compared to FRS. It addresses several issues that FRS had over the years. So what should you do if you want to use DFSR? You can either migrate FRS replication to DFSR, or create a new domain whose DFL would be at least Windows Server 2008. Depending on who you talk to, either people would freak out at the thought of going through the routine to migrate FRS to DFSR, or they will tell you it’s a piece of cake and takes only a few minutes. As you would imagine, a lot depends on your situation and environment.
How to Migrate FRS to DFSR?
As you can see in the above error message, because FRS has been deprecated, you must configure your domain to migrate from FRS to DFSR. First of all, make sure you read SYSVOL Replication Migration Guide: FRS to DFS Replication. It’s an older guide, but Microsoft provides a lot of useful, in-depth information about the process. If you just want to go straight to the migration, you would like Ned Pyle’s article Streamlined Migration of FRS to DFSR SYSVOL. The original article was written in 2014, but Ned updated it on June 20, 2017. In his article, he offers three types of migration options.
- Quick Migration
- Express Migration
- Hyper Migration
He recommends using the Quick Migration in situations where you don’t know the health of AD and SYSVOL on all the DCs. If you know the health and state of your AD environment, then you can either use Express Migration or Hyper Migration. The only difference between the two is whether you want the ability to rollback or not. Express Migration will allow you to rollback so you are not stuck with an unstable Active Directory in case things go awry.
To get started, choose a migration option. I prefer the Express Migration because of its rollback capability, but you may prefer a different method. Just follow the instructions in Ned’s article to go through the various states (Prepared State -> Redirected State -> Eliminated State) to complete the migration.
How Long Does it Take to Migrate?
In my experience, the process is pretty streamlined and works flawlessly. On a smaller network with less than five DCs it should take less than 5 minutes to complete the migration. On larger networks it can take much longer, anywhere from a couple of hours to several hours. In rare situations, it may even take several days, but it’s highly unlikely that you will be the only person responsible for FRS migration on such networks. You are likely to be working with a team of experts and there would be a lot of planning involved.
After the Migration
After the migration, when you open the Group Policy Management Console, you may see the following notice.
The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK.
Simply click OK and you are good to go.
I must say I am impressed with the work Microsoft developers have done to make the migration from FRS to DFSR so simple. Going through this kind of process can be a bit scary for Active Directory administrators and that’s the reason why some people think FRS migration to DFRS can be a daunting task. However, over the years Microsoft has done a fantastic job to make the process as painless as possible. That doesn’t mean that nothing can go wrong. Obviously, you need to make sure you have AD backed up before the migration and if you are dealing with larger networks, you need to make sure you do your research, read the migration guide I mentioned at the beginning of this article, and plan accordingly.
Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background. |
Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.
What font is used in this article? Thank you!
@Tom: The font is called Titillium Web. It’s the default font for my WordPress theme.