One of the biggest change in Windows 2008 is the use of DFSR to replicate the SYSVOL contents instead of using FRS
One of the most important question that arise is why to eliminate or remove FRS
FRS has some major drawbacks which has been taken care of in DFSR
1. Journal Wrap: While FRS use to go into the Journal Wrap condition quite often, DFSR on the other hand is self healing in terms of Journal Wrap
2. Morphing: Conflict Resolution was not that smart in FRS which has been greatly redefined in DFRS
Besides the above two points, we do have much more which DFSR can supports but not FRS
Lets take 3 Scenarios:
1. We already have a Windows 2003 DC and we promote another Windows 2008 DC. In this situation, Sysvol will use FRS to replicate the data and not DFSR
2. We are installing a Windows 2008 DC in a new domain/forest. This is the first DC of this forest. But while running dcpromo you select 2003 domain functional level instead of 2008. Even though the DC is running on Windows 2008, since the domain functional level is 2003, SYSVOL will still use FRS to replicate the content instead of DFSR
3. We are installing a Windows 2008 DC in a new domain/forest. This is the first DC of this forest. But while running dcpromo you select 2008 domain functional level. In this scenario, SYSVOL will use DFSR to replicate the content
In the scenario 2, we can although later on change the way SYSVOL will replicate the content. This is where we do Migration of the replicating engine from FRS to DFSR
Prerequisite of Migration:
1. Verify that the AD replication is working on all the DC`s
2. Raise the domain functional level to “Windows Server 2008” for the domain.
3. Verify that the SYSVOL is in healthy state on all the DC`s
4. Take the backup of the SYSVOL folder.
5. Make sure that the “DFS Replication service” is installed, set to ‘Automatic’ start type and is running on all the DC`s
Types of States:
Global Migration State – A complete process
Local Migration State – Process on each DC to achieve the Global Migration State
Stable States/Global Migration State
STATE 0 START
STATE 1 PREPARED
STATE 2 REDIRECTED
STATE 3 ELIMINATED
STATE 4 Preparing
STATE 5 Waiting for initial sync to complete
STATE 6 Redirecting
STATE 7 Eliminating
STATE 8 Undo redirecting
STATE 9 Undo preparing
Rollback: 2-8-1-9-0The global migration state 3 (ELIMINATED) once reached is irreversible and rollback is not possible.
Set the global migration state to 3 only when fully committed to using DFS Replication.
To create the global objects/settings in Active Directory, which are used by the DFS Replication service
To set the desired global migration state
0 (‘START’ state)
1 (‘PREPARED’ state)
2 (‘REDIRECTED’ state)
3 (‘ELIMINATED’ state)
To retrieve the current global migration state from Active Directory
To retrieve the current migration state of all the domain controllers
To figure out if all domain controllers have reached the global migration state
1. Run DFSR migration tool on the primary domain controller and migration enters into the START state by running dfsrmig.
2. Run the DFS Replication migration tool on the primary domain controller and migration enters the ‘PREPARED’ state.
3. Wait for all domain controllers to reach the ‘PREPARED’ state. To validate this, the local migration state is checked on all domain controllers.
4. Run the DFS Replication migration tool on the primary domain controller and it sets the global migration state to enter the ‘REDIRECTED’ state. At this stage DFS Replication service takes over the responsibility of replicating SYSVOL for the domain controller.
5. Wait for all domain controllers to reach the ‘REDIRECTED’ state and periodically runs DFS Replication health reports and scans the Eventlog for DFS Replication events. This can be used to monitor the status of DFS Replication for SYSVOL on the domain.
6. When all the domain controllers have migrated to the ‘REDIRECTED’ state and the domain is performing fine with the DFS replication service handing SYSVOL replication, he is prepared to go to the final state – Eliminating the FRS service.
7. Run the DFS Replication migration tool on the Primary Domain Controller to enter the ‘Eliminated’ state. The migration tool on the Primary Domain Controller now deletes the old SYSVOL folder and turns off the FRS service. All domain controllers eventually follow suit and DFS Replication is now solely responsible for SYSVOL replication for the domain
What all happens in the background with each State
Create the ReplicationGroup, Content object, ContentSet, and Topology objects
msDFSR-GlobalSettings object under System
msDFSR-ReplicationGroup object under “msDFSR-GlobalSettings”
msDFSR-Content under msDFSR-ReplicationGroup
msDFSR-ContentSet object under msDFSR-Content objecte.
msDFSR-Topology object under msDFSR-ReplicationGroup object
Sets GlobalState to 0Prepared State
DfsrMig /SetGlobalState 1
The DFS Replication service creates the SYSVOL_DFSR folder
ROBOCOPY copies the contents of SYSVOL\domain to the location SYSVOL_DFSR\domain
Local Active Directory Objects are created. These are ‘Member’, ‘LocalSettings’, ‘Subscriber’, and ‘Subscription
The migration local state is set to 5 (MIG_STATE_LOCAL_WAITING_FOR_SYNC)
When DFS Replication completes Initial Sync, the Local State is set to 1 (’PREPARED’).
Confirm that all domain controllers are in the ‘PREPARED’ state
DfsrMig /SetGlobalState 2
The goal of this state is to move the live SYSVOL share from the old SYSVOL folder that NTFRS is replicating to the new SYSVOL folder that the DFS Replication service is replicating. From this point onwards, SYSVOL replication will depend on DFS Replication service
Change the SYSVOL patyh in the registry to point to the new location
Verify that DFS Replication global migration state is set to ‘REDIRECTED’
Confirm that all domain controllers are in ‘REDIRECTED’ state
DfsrMig /SetGlobalState 3
The goal of this state is to delete the NTFRS SYSVOL replica set and delete the old SYSVOL folder
Deletes the NTFRS SYSVOL Active Directory configuration objects named ‘Subscriptions’ and ‘Settings’
Verify that the DFS Replication global migration state is set to eliminated
How to verify if the Migration was Successful
1. NTFRS Subscribers
2. Verify that DFS Replication related Global objects are created successfully.
Domain System Volume
3. Verify that SYSVOL and NETLOGON shares are pointing to paths under SYSVOL_DFSR in REGISTRY
4. Junction point: The Junction point under SYSVOL_DFSR can be seen only by “dir /a” command. Plain ‘dir’ command does not show junction point. This may lead to confusion.