Professional Documents
Culture Documents
SYSVOL Recovery
Student Workbook
Version 1.1
Microsoft Confidential
Information in this document, including URL and other website references, represents the current view of Microsoft
Corporation as of the date of publication and is subject to change without notice to you.
Descriptions or references to third party products, services or websites are provided only as a convenience to you
and should not be considered an endorsement by Microsoft. Microsoft makes no representations or warranties,
express or implied, as to any third party products, services or websites.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious.
Complying with all applicable copyright laws is the responsibility of the user. This document is intended for
distribution to and use only by Microsoft Premier customers. Use or distribution of this document by any other
persons is prohibited without the express written permission of Microsoft. Without limiting the rights under copyright,
no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any
form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without
the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering
subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, this
document does not give you any license to Microsoft’s intellectual property.
Microsoft Confidential
Microsoft Premier Support Services Description Exhibit:
License Terms for Standard Workshop and WorkshopPLUS
This Exhibit is an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and
you. The license terms for Standard Workshops and WorkshopPLUS are made pursuant to your Microsoft Premier
Support Services Description (the “Services Description”). The terms of the Services Description are incorporated
herein by this reference. Any terms not otherwise defined herein will assume the meanings set forth in the Services
Description.
This Exhibit applies to any Standard Workshop or WorkshopPLUS delivered under your Services Description,
including the media on which you received the workshop, if any, and any materials, sample code, documentation or
software provided in conjunction with the Standard Workshop or WorkshopPLUS. These terms also apply to any
Microsoft
updates,
supplements, and
Internet-based services
for a Standard Workshop or WorkshopPLUS, unless other terms accompany those items. If so, those terms apply.
BY PARTICIPATING IN THE WORKSHOP, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO
NOT PARTICIPATE IN THE WORKSHOP OR USE ANY STANDARD WORKSHOP OR WORKSHOPPLUS
MATERIALS AND SOFTWARE.
If you comply with these license terms, you have the rights below.
Scope of License. Subject to the terms of this license, Microsoft grants you: (i) a conditional license to participate in
the Standard Workshop or WorkshopPLUS you have selected, and (ii) a limited, personal right to use the materials,
sample code, documentation and software, if any, that are associated with a Standard Workshop or WorkshopPLUS.
Any rights not granted in this Exhibit are reserved by Microsoft.
Restrictions on Use. Your rights to use the materials, sample code, documentation and software provided in a
Standard Workshop or WorkshopPLUS are limited. You must comply with any technical limitations that restrict your
use. In addition, you may not:
rent, lease or lend any documentation, sample code, software or materials from a Standard Workshop or
WorkshopPLUS; or
transfer any documentation, sample code, software or materials from a Standard Workshop or
WorkshopPLUS or this agreement to any third party.
Rules for Participation in Standard Workshop and WorkshopPLUS. You agree to abide by the following rules as
a condition of participation in a Standard Workshop or WorkshopPLUS:
You agree that while on Microsoft property you will comply with all applicable local, state and federal laws,
statutes and regulations, including without limitation, all laws prohibiting harassment of any kind in the
workplace.
You agree to abide by applicable Microsoft rules, regulations and security measures while participating in a
Standard Workshop or WorkshopPLUS on Microsoft property.
Microsoft Confidential
Sample Code and software provided to you are owned solely by Microsoft and licensed to you for install,
use and access while participating in the workshop. Upon completion of the workshop, you will return all
sample code and software to Microsoft upon our request.
Term. Upon completion of the workshop, you will: (i) vacate the workshop office space or workspace; (ii) return to
Microsoft any identification badges and premises access cards provided to you as a workshop participant; (iii) return
all Microsoft-owned property to Microsoft, including but not limited to any Microsoft software and materials provided
to you in connection with your participation in the Standard Workshop or WorkshopPLUS; and (iv) remove all your
personally owned equipment or property from Microsoft premises.
Disclaimer of Warranty. Any software provided to you is licensed “as-is.” You bear the risk of using it. Microsoft
gives no express warranties, guarantees or conditions. To the extent permitted under your local laws, Microsoft
excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.
Microsoft Confidential
Table of Contents 5
Table of Contents
LAB 6: SYSVOL RECOVERY ...................................................................................................................................... 7
Introduction ............................................................................................................................................................... 7
Objectives ................................................................................................................................................................... 7
Prerequisites .............................................................................................................................................................. 7
Estimated time to complete this lab .......................................................................................................................... 7
For more information ................................................................................................................................................. 7
Scenario ...................................................................................................................................................................... 7
Exercise 1: Creating a Disaster on DFSR ........................................................................................................ 8
Simulate a SYSVOL disaster ........................................................................................................................................ 8
Exercise 2: Restoring SYSVOL on DFSR .......................................................................................................... 8
Starting the Domain-wide Authoritative Restore of SYSVOL ...................................................................................... 8
Restoring the proper data to SYSVOL ....................................................................................................................... 10
Restoring SYSVOL on the primary DC ....................................................................................................................... 10
Restoring SYSVOL on all other DCs ........................................................................................................................... 11
Confirming the SYSVOL restore on all DCs ............................................................................................................... 13
Microsoft Confidential
Lab: Sysvol Recovery 7
Introduction
In this lab you will be simulating a SYSVOL disaster recovery by performing a complete
DFS-R restore on your domain (similar to a FRS D4). This would be necessary if all your
SYSVOL copies were affected by an uncontrolled change, data corruption or were
deleted for some reason.
No disaster actually exists, but the SYSVOL recovery lab will exercise your
understanding of the steps required to recover SYSVOL authoritatively using DFSR. The
FRS D4 concepts were exercised during the Forest Recovery lab.
Objectives
After completing this lab, you will be able to:
Perform an authoritative and non-authoritative restore of SYSVOL using DFSR
Prerequisites
The following virtual machines are necessary to complete this lab:
LitwareDC1 and LiwareDC2
o Username: litware\Administrator
o Password: password1!
Scenario
Help desk is receiving calls from users stating that they are not getting their proper
setting from group policy when they log on. This was being reported very sporadic, but
after a while started to affect all users. Upon further investigation, you notice a lot of files
and folders are missing from your SYSVOL on all DCs, so you decide to perform an
authoritative restore of the SYSVOL content on LitwareDC1 and consequently a non-
authoritative restore of SYSVOL on LitwareDC2
Microsoft Confidential
8 Lab: Sysvol Recovery
2. Open Start Menu and type C:\ and press ENTER. This will open Windows
Explorer in the root of the C:\ drive.
3. Create a new folder named SYSVOLBKP in the root of the C:\ drive.
6. Navigate back to your C:\SYSVOLBKP folder and paste the folder by pressing
CTRL-V (Paste).
At this point you should have an empty SYSVOL folder and the Policies and Scripts folders
now inside the SYSVOLBKP.
7. This should replicate to LitwareDC2 soon, which simulates the scenario described
above. You have a major SYSVOL disaster now, and a full restore of SYSVOL
must be performed.
Microsoft Confidential
Lab: Sysvol Recovery 9
4. Take the defaults and press OK. This will open the Domain Partition (litware.com)
on your DC.
9. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)
These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.
12. Expand the Applications and Services Logs, then select DFS Replication
13. Verify that the events 4008 and 4114 show up in the log
You will see Event ID 4114 and 4008 in the DFSR event log indicating SYSVOL is no longer
being replicated.
The use of the authoritative flag is generally unnecessary unless you need to guarantee
that one server is the only source of data during initial synchronization on the other
servers. For example, if all logon scripts were accidentally deleted and a manual copy of
them was placed back on the PDC Emulator role holder, making that server authoritative
and all other servers non-authoritative would guarantee that no further deletions,
collisions, or stale content could propagate within SYSVOL.
Microsoft Confidential
10 Lab: Sysvol Recovery
1. At this point, if you haven’t done so already, you want to make sure LitwareDC1
contains the last know good state of your SYSVOL data. It doesn’t matter what you
have in the other DC’s SYSVOL, as LitwareDC1 will be used as the authoritative
source for all other DCs.
For the sake of time, instead of using backups for this lab, we’ll just use a manual file
copy to simulate a SYSVOL restore. This could also be used in production if you’re using
the Windows Server Backup tool. Since it generates a VHD file as output, you can mount
the backup file as an additional disk on your DC (Server Manager | Storage | Disk
Management | Attach VHD), and copy the SYSVOL content straight to the destination
folder.
1. While still logged on to LitwareDC1, open Start Menu and select Run…
2. Switch back to ADSI Edit and the DC=litware,DC=com partition. Navigate once
again to the following DN:
5. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)
These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.
Microsoft Confidential
Lab: Sysvol Recovery 11
8. Expand the Applications and Services Logs, then select DFS Replication
9. Verify that the events 4008 and 4114 show up in the log
You will see Event ID 4602 in the DFSR event log indicating SYSVOL has been initialized.
That domain controller has now done a “D4” of SYSVOL.
Settings all remaining servers to non-authoritative when one server is set to authoritative
is not required for DFSR. Unlike FRS, there is no concept of morphed folders in DFSR.
However, to guarantee that all servers lose to the authoritative server you must set one
DC authoritative and all other servers non-authoritative. Setting the PDC Emulator as
authoritative is preferable since its SYSVOL contents are usually most up to date.
4. Take the defaults and press OK. This will open the Domain Partition (litware.com)
on your DC.
8. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)
These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.
Microsoft Confidential
12 Lab: Sysvol Recovery
11. Expand the Applications and Services Logs, then select DFS Replication
12. Verify that the events 4008 and 4114 show up in the log
You will see Event ID 4114 and 4008 in the DFSR event log indicating SYSVOL is no longer
being replicated.
13. Now open the Start Menu, type regedit and press ENTER.
14. Modify the registry on the domain controller to explicitly specify a source computer
for SYSVOL. Set the Parent Computer value (REG_SZ) to LitwareDC1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Seeding
SysVols
If you do not use this method to specify the source computer, any Active Directory
replication partner that has the SYSVOL replicated folder in the NORMAL state could end
up being used as the source.
15. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)
18. Switch back to ADSI Edit and the DC=litware,DC=com partition. Navigate once
again to the following DN:
21. Open the Start Menu and click the Command Prompt (make sure it’s opened as
Administrator)
Microsoft Confidential
Lab: Sysvol Recovery 13
These commands will force replication between each other. The /Aed switch forces a
sync on all NCs held by the destination, Across all sites and partners, and IDs the servers
by DN and not by GUID.
24. Expand the Applications and Services Logs, then select DFS Replication
25. Verify that the events 4614 and 4604 show up in the log
You will see Event ID 4602 in the DFSR event log indicating SYSVOL has been initialized.
That domain controller has now done a “D2” of SYSVOL.
1. On both LitwareDC1 and LitwareDC2, open Windows Explorer and navigate to the
C:\Windows\SYSVOL\domain folder and make sure they contain all necessary
SYSVOL files (Policies and Scripts folders).
Microsoft Confidential