Windows Server 2003-2008 R2:

Active Directory Disaster Recovery

Module 7 Lab

SYSVOL Recovery

Student Workbook

Version 1.1

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Information in this document, including URL and other website references, represents the current view of Microsoft
Corporation as of the date of publication and is subject to change without notice to you.

Descriptions or references to third party products, services or websites are provided only as a convenience to you
and should not be considered an endorsement by Microsoft. Microsoft makes no representations or warranties,
express or implied, as to any third party products, services or websites.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious.

Complying with all applicable copyright laws is the responsibility of the user. This document is intended for
distribution to and use only by Microsoft Premier customers. Use or distribution of this document by any other
persons is prohibited without the express written permission of Microsoft. Without limiting the rights under copyright,
no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any
form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without
the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering
subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, this
document does not give you any license to Microsoft’s intellectual property.

MICROSOFT MAKES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE INFORMATION

CONTAINED IN THIS DOCUMENT.

© 2011 Microsoft Corporation. All rights reserved.

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Microsoft Premier Support Services Description Exhibit:
License Terms for Standard Workshop and WorkshopPLUS

This Exhibit is an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and
you. The license terms for Standard Workshops and WorkshopPLUS are made pursuant to your Microsoft Premier
Support Services Description (the “Services Description”). The terms of the Services Description are incorporated
herein by this reference. Any terms not otherwise defined herein will assume the meanings set forth in the Services
Description.

This Exhibit applies to any Standard Workshop or WorkshopPLUS delivered under your Services Description,
including the media on which you received the workshop, if any, and any materials, sample code, documentation or
software provided in conjunction with the Standard Workshop or WorkshopPLUS. These terms also apply to any
Microsoft
 updates,
 supplements, and

 Internet-based services
for a Standard Workshop or WorkshopPLUS, unless other terms accompany those items. If so, those terms apply.
BY PARTICIPATING IN THE WORKSHOP, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO
NOT PARTICIPATE IN THE WORKSHOP OR USE ANY STANDARD WORKSHOP OR WORKSHOPPLUS
MATERIALS AND SOFTWARE.

If you comply with these license terms, you have the rights below.

Scope of License. Subject to the terms of this license, Microsoft grants you: (i) a conditional license to participate in
the Standard Workshop or WorkshopPLUS you have selected, and (ii) a limited, personal right to use the materials,
sample code, documentation and software, if any, that are associated with a Standard Workshop or WorkshopPLUS.
Any rights not granted in this Exhibit are reserved by Microsoft.
Restrictions on Use. Your rights to use the materials, sample code, documentation and software provided in a
Standard Workshop or WorkshopPLUS are limited. You must comply with any technical limitations that restrict your
use. In addition, you may not:

 record the Standard Workshop or WorkshopPLUS in any manner;

 reproduce, store in or introduce into a retrieval system, or transmit in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, any documentation, sample code,
software or materials from a Standard Workshop or WorkshopPLUS;
 work around any technical limitations or restrictions incorporated into the materials, sample code,
documentation or software;
 reverse engineer, decompile or disassemble the software, except and only to the extent that applicable law
expressly permits, despite this limitation;
 publish any documentation, sample code, software or materials from a Standard Workshop or
WorkshopPLUS for others to copy;

 rent, lease or lend any documentation, sample code, software or materials from a Standard Workshop or
WorkshopPLUS; or
 transfer any documentation, sample code, software or materials from a Standard Workshop or
WorkshopPLUS or this agreement to any third party.
Rules for Participation in Standard Workshop and WorkshopPLUS. You agree to abide by the following rules as
a condition of participation in a Standard Workshop or WorkshopPLUS:

 You agree that while on Microsoft property you will comply with all applicable local, state and federal laws,
statutes and regulations, including without limitation, all laws prohibiting harassment of any kind in the
workplace.
 You agree to abide by applicable Microsoft rules, regulations and security measures while participating in a
Standard Workshop or WorkshopPLUS on Microsoft property.

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
  Sample Code and software provided to you are owned solely by Microsoft and licensed to you for install,
use and access while participating in the workshop. Upon completion of the workshop, you will return all
sample code and software to Microsoft upon our request.
Term. Upon completion of the workshop, you will: (i) vacate the workshop office space or workspace; (ii) return to
Microsoft any identification badges and premises access cards provided to you as a workshop participant; (iii) return
all Microsoft-owned property to Microsoft, including but not limited to any Microsoft software and materials provided
to you in connection with your participation in the Standard Workshop or WorkshopPLUS; and (iv) remove all your
personally owned equipment or property from Microsoft premises.

Disclaimer of Warranty. Any software provided to you is licensed “as-is.” You bear the risk of using it. Microsoft
gives no express warranties, guarantees or conditions. To the extent permitted under your local laws, Microsoft
excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Table of Contents 5

Table of Contents
LAB 6: SYSVOL RECOVERY ...................................................................................................................................... 7
Introduction ............................................................................................................................................................... 7
Objectives ................................................................................................................................................................... 7
Prerequisites .............................................................................................................................................................. 7
Estimated time to complete this lab .......................................................................................................................... 7
For more information ................................................................................................................................................. 7
Scenario ...................................................................................................................................................................... 7
Exercise 1: Creating a Disaster on DFSR ........................................................................................................ 8
Simulate a SYSVOL disaster ........................................................................................................................................ 8
Exercise 2: Restoring SYSVOL on DFSR .......................................................................................................... 8
Starting the Domain-wide Authoritative Restore of SYSVOL ...................................................................................... 8
Restoring the proper data to SYSVOL ....................................................................................................................... 10
Restoring SYSVOL on the primary DC ....................................................................................................................... 10
Restoring SYSVOL on all other DCs ........................................................................................................................... 11
Confirming the SYSVOL restore on all DCs ............................................................................................................... 13

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Lab: Sysvol Recovery 7

Lab 6: SYSVOL Recovery

Introduction
In this lab you will be simulating a SYSVOL disaster recovery by performing a complete
DFS-R restore on your domain (similar to a FRS D4). This would be necessary if all your
SYSVOL copies were affected by an uncontrolled change, data corruption or were
deleted for some reason.
No disaster actually exists, but the SYSVOL recovery lab will exercise your
understanding of the steps required to recover SYSVOL authoritatively using DFSR. The
FRS D4 concepts were exercised during the Forest Recovery lab.

Objectives
After completing this lab, you will be able to:
 Perform an authoritative and non-authoritative restore of SYSVOL using DFSR

Prerequisites
The following virtual machines are necessary to complete this lab:
 LitwareDC1 and LiwareDC2
o Username: litware\Administrator
o Password: password1!

Estimated time to complete this lab

30 minutes

For more information

Please ask your instructor if you need assistance or guidance on any steps.

Scenario
Help desk is receiving calls from users stating that they are not getting their proper
setting from group policy when they log on. This was being reported very sporadic, but
after a while started to affect all users. Upon further investigation, you notice a lot of files
and folders are missing from your SYSVOL on all DCs, so you decide to perform an
authoritative restore of the SYSVOL content on LitwareDC1 and consequently a non-
authoritative restore of SYSVOL on LitwareDC2

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
8 Lab: Sysvol Recovery

Exercise 1: Creating a Disaster on DFSR

In this exercise, you will:

 Simulate a major SYSVOL disaster where all your DCs have bad SYSVOL data (all
files and folder are missing)

Simulate a SYSVOL disaster

1. Logon to LitwareDC1 using the credentials provided in the Prerequisites

2. Open Start Menu and type C:\ and press ENTER. This will open Windows
Explorer in the root of the C:\ drive.

3. Create a new folder named SYSVOLBKP in the root of the C:\ drive.

4. Now, navigate to the C:\Windows\SYSVOL\domain folder. It should contain 2

folders, Policies and Scripts.

5. Select both Policies and Scripts, then press CTRL+X (Cut).

6. Navigate back to your C:\SYSVOLBKP folder and paste the folder by pressing
CTRL-V (Paste).

 At this point you should have an empty SYSVOL folder and the Policies and Scripts folders
now inside the SYSVOLBKP.

7. This should replicate to LitwareDC2 soon, which simulates the scenario described
above. You have a major SYSVOL disaster now, and a full restore of SYSVOL
must be performed.

Exercise 2: Restoring SYSVOL on DFSR

In this exercise, you will:

 Simulate a backup restore so you have access to the most recent SYSVOL data for
your domain.
 Restore DFS-R to all nodes using the Authoritative Restore procedure.

Starting the Domain-wide Authoritative Restore of SYSVOL

1. Logon to LitwareDC1 using the credentials provided in the Prerequisites

2. Open Start Menu and type adsiedit.msc and press ENTER

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Lab: Sysvol Recovery 9

3. Right click on ADSI Edit and select Connect to…

4. Take the defaults and press OK. This will open the Domain Partition (litware.com)
on your DC.

5. Navigate to the following DN:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-

LocalSettings,CN=LitwareDC1,OU=Domain Controllers,DC=litware,DC=com

6. Right click on CN= SYSVOL Subcription and click Properties

7. Locate the attribute msDFSR-Enabled and modify it to FALSE

8. Locate the attribute msDFSR-Options and modify it to 1

9. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)

10. Force AD replication with the following commands:

Repadmin /syncall LitwareDC1 /Aed

Repadmin /syncall LitwareDC2 /Aed
DFSRDiag Pollad

 These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.

11. Open Start Menu, type Eventvwr.msc and press ENTER

12. Expand the Applications and Services Logs, then select DFS Replication

13. Verify that the events 4008 and 4114 show up in the log

 You will see Event ID 4114 and 4008 in the DFSR event log indicating SYSVOL is no longer
being replicated.

 The use of the authoritative flag is generally unnecessary unless you need to guarantee
that one server is the only source of data during initial synchronization on the other
servers. For example, if all logon scripts were accidentally deleted and a manual copy of
them was placed back on the PDC Emulator role holder, making that server authoritative
and all other servers non-authoritative would guarantee that no further deletions,
collisions, or stale content could propagate within SYSVOL.

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
10 Lab: Sysvol Recovery

Restoring the proper data to SYSVOL

1. At this point, if you haven’t done so already, you want to make sure LitwareDC1
contains the last know good state of your SYSVOL data. It doesn’t matter what you
have in the other DC’s SYSVOL, as LitwareDC1 will be used as the authoritative
source for all other DCs.

 For the sake of time, instead of using backups for this lab, we’ll just use a manual file
copy to simulate a SYSVOL restore. This could also be used in production if you’re using
the Windows Server Backup tool. Since it generates a VHD file as output, you can mount
the backup file as an additional disk on your DC (Server Manager | Storage | Disk
Management | Attach VHD), and copy the SYSVOL content straight to the destination
folder.

2. Therefore, while still logged on to LitwareDC1, navigate to the C:\SYSVOLBKP

folder, copy its content and paste it to the C:\Windows\SYSVOL\Domain. You
now have the proper data in LitwareDC1, but that needs to replicate to all other DCs

Restoring SYSVOL on the primary DC

1. While still logged on to LitwareDC1, open Start Menu and select Run…

2. Switch back to ADSI Edit and the DC=litware,DC=com partition. Navigate once
again to the following DN:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-

LocalSettings,CN=LitwareDC1,OU=Domain Controllers,DC=litware,DC=com

3. Right click on CN= SYSVOL Subcription and click Properties

4. Locate the attribute msDFSR-Enabled and modify it to TRUE

5. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)

6. Force AD replication with the following commands:

Repadmin /syncall LitwareDC1 /Aed

Repadmin /syncall LitwareDC2 /Aed
DFSRDiag Pollad

 These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.

7. Open Start Menu, type Eventvwr.msc and press ENTER

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Lab: Sysvol Recovery 11

8. Expand the Applications and Services Logs, then select DFS Replication

9. Verify that the events 4008 and 4114 show up in the log

 You will see Event ID 4602 in the DFSR event log indicating SYSVOL has been initialized.
That domain controller has now done a “D4” of SYSVOL.

Restoring SYSVOL on all other DCs

Settings all remaining servers to non-authoritative when one server is set to authoritative
is not required for DFSR. Unlike FRS, there is no concept of morphed folders in DFSR.
However, to guarantee that all servers lose to the authoritative server you must set one
DC authoritative and all other servers non-authoritative. Setting the PDC Emulator as
authoritative is preferable since its SYSVOL contents are usually most up to date.

1. Logon to LitwareDC2 using the credentials provided in the Prerequisites

2. Open Start Menu and type adsiedit.msc and press ENTER

3. Right click on ADSI Edit and select Connect to…

4. Take the defaults and press OK. This will open the Domain Partition (litware.com)
on your DC.

5. Navigate to the following DN:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-

LocalSettings,CN=LitwareDC2,OU=Domain Controllers,DC=litware,DC=com

6. Right click on CN= SYSVOL Subcription and click Properties

7. Locate the attribute msDFSR-Enabled and modify it to FALSE

8. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)

9. Force AD replication with the following commands:

Repadmin /syncall LitwareDC1 /Aed

Repadmin /syncall LitwareDC2 /Aed
DFSRDiag Pollad

 These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.

10. Open Start Menu, type Eventvwr.msc and press ENTER

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
12 Lab: Sysvol Recovery

11. Expand the Applications and Services Logs, then select DFS Replication

12. Verify that the events 4008 and 4114 show up in the log

 You will see Event ID 4114 and 4008 in the DFSR event log indicating SYSVOL is no longer
being replicated.

13. Now open the Start Menu, type regedit and press ENTER.

14. Modify the registry on the domain controller to explicitly specify a source computer
for SYSVOL. Set the Parent Computer value (REG_SZ) to LitwareDC1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Seeding
SysVols

 If you do not use this method to specify the source computer, any Active Directory
replication partner that has the SYSVOL replicated folder in the NORMAL state could end
up being used as the source.

15. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)

16. Type net stop dfsr and press ENTER.

17. Type net start dfsr and press ENTER.

18. Switch back to ADSI Edit and the DC=litware,DC=com partition. Navigate once
again to the following DN:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-

LocalSettings,CN=LitwareDC2,OU=Domain Controllers,DC=litware,DC=com

19. Right click on CN= SYSVOL Subcription and click Properties

20. Locate the attribute msDFSR-Enabled and modify it to TRUE

21. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)

22. Force AD replication with the following commands:

Repadmin /syncall LitwareDC1 /Aed

Repadmin /syncall LitwareDC2 /Aed
DFSRDiag Pollad

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential
 Lab: Sysvol Recovery 13

 These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.

23. Open Start Menu, type Eventvwr.msc and press ENTER

24. Expand the Applications and Services Logs, then select DFS Replication

25. Verify that the events 4614 and 4604 show up in the log

 You will see Event ID 4602 in the DFSR event log indicating SYSVOL has been initialized.
That domain controller has now done a “D2” of SYSVOL.

Confirming the SYSVOL restore on all DCs

1. On both LitwareDC1 and LitwareDC2, open Windows Explorer and navigate to the
C:\Windows\SYSVOL\domain folder and make sure they contain all necessary
SYSVOL files (Policies and Scripts folders).

Microsoft | Services © 2011 Microsoft Corporation ITOE Educate

Microsoft Confidential