How to Synchronize DFS Replication
I recently had an issue where sysvol wouldn’t replicate and DFS showed no errors. The solution was to perform an authoritative DFS replication synchronization, but you might be able to solve problems with a non-authoritative replication as well.
Perform a Non-Authoritative DFS Replication Synchronization
Use adsiedit.msc to disable DFSR on the Non-Authoritative Server
Choose a server to be non-authoritative. I chose dc2. Navigate to:
DC=somedomain.local
OU=Domain Controllers
CN=dc2
CN=DFSR-LocalSettings
CN=Domain System Volume
CN=SYSVOL Subscription
Set msDFSR-Enabled=FALSE
Poll AD and Manually Sync
Force the non-authoritative server to check with the domain with “DFSRDIAG POLLAD”.
Next, go to each DC in the domain and run repadmin /syncall. Verify that there are no errors. If there are, you may need to resolve those first.
Use adsiedit.msc to Re-Enable DFSR
DC=somedomain.local
OU=Domain Controllers
CN=dc2
CN=DFSR-LocalSettings
CN=Domain System Volume
CN=SYSVOL Subscription
Set msDFSR-Enabled=True
Manually Sync Each Domain Controller
Go back and force each DC in the domain to sync with repadmin /syncall again.
Force the Non-Authoritative Server to Sync with AD
Again, force the non-authoritative server to recognize the domain by running “DFSRDIAG POLLAD” on the broken server, then run repadmin /syncall.
Check the event log for DFS Replication and you should see event ID 4114, then 4614 and 4604.
Perform an Authoritative DFS Replication Synchronization
Stop DFSR Service and Disable it on all Servers
On each domain controller set the DFSR service to manual and stop the service.
Use adsiedit.msc and navigate to the following for each domain controller.
DC=somedomain.local
OU=Domain Controllers
CN=<alldcs>
CN=DFSR-LocalSettings
CN=Domain System Volume
CN=SYSVOL Subscription
Set msDFSR-Enabled=FALSE on each domain controller
On the authoritative domain controller, set msDFSR-Options=1
Manually Sync Each Domain Controller
Go back and force each DC in the domain to sync with repadmin /syncall again.
Start the Service on the Authoritative Domain Controller
Now start the service on the authoritative domain controller with net start dfsr and also re-enable it with adsiedit.msc.
You should see event ID 4114 in the DFS Replication log. Re-enable DFSR with adsiedit.msc:
DC=somedomain.local
OU=Domain Controllers
CN=dc1
CN=DFSR-LocalSettings
CN=Domain System Volume
CN=SYSVOL Subscription
Set msDFSR-Enabled=TRUE
Force a sync with repadmin /syncall, then run dfsrdiag pollad.
You should see event ID 4602.
Start DFSR Across the Domain
On all the other servers, navigate again to the settings in adsiedit.msc and re-enable DFSR:
DC=somedomain.local
OU=Domain Controllers
CN=dc1
CN=DFSR-LocalSettings
CN=Domain System Volume
CN=SYSVOL Subscription
Set msDFSR-Enabled=TRUE
Hit every domain controller with repadmin /syncall.
Re-Enable Replication on all Other Servers
On all other servers, run DFSRDIAG POLLAD and turn the service back on with net start dfsr.
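A read-only check of the state this procedure changes, as an added example that is not part of the original post: it reads msDFSR-Enabled and msDFSR-Options from each DC's SYSVOL Subscription object, reports the DFSR service state, and lists which of the event IDs mentioned above were logged. It assumes the ActiveDirectory PowerShell module plus remote CIM and event-log access to every DC; the function name Get-SysvolDfsrState and the 24-hour lookback are hypothetical choices.

```powershell
# Added example: read-only audit of the SYSVOL DFSR flags and milestone events.
# Assumes the ActiveDirectory module (RSAT) and remote CIM/event log access to each DC.
Import-Module ActiveDirectory

# Event IDs the procedure says to look for in the DFS Replication log.
$milestoneIds = 4114, 4614, 4604, 4602

function Get-SysvolDfsrState {
    param(
        [int]$LookbackHours = 24   # hypothetical default, adjust to your change window
    )
    $since = (Get-Date).AddHours(-$LookbackHours)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # Same object that the steps above reach through adsiedit.msc.
        $dn = "CN=SYSVOL Subscription,CN=Domain System Volume," +
              "CN=DFSR-LocalSettings,$($dc.ComputerObjectDN)"

        # Query the DC itself so each row shows that DC's own copy of the object.
        $sub = Get-ADObject -Identity $dn -Server $dc.HostName `
                            -Properties 'msDFSR-Enabled', 'msDFSR-Options'

        # Service state and start mode (the authoritative steps set it to manual).
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $dc.HostName `
                               -Filter "Name='DFSR'"

        # "No events found" is a non-terminating error, so it is suppressed here.
        $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable @{
            LogName   = 'DFS Replication'
            Id        = $milestoneIds
            StartTime = $since
        } -ErrorAction SilentlyContinue

        [pscustomobject]@{
            DC           = $dc.HostName
            Enabled      = $sub.'msDFSR-Enabled'
            Options      = $sub.'msDFSR-Options'   # 1 marks the authoritative DC
            ServiceState = $svc.State
            StartMode    = $svc.StartMode
            # Oldest first, so the order can be compared with the sequence above.
            EventIds     = ($events | Sort-Object TimeCreated |
                            ForEach-Object Id) -join ','
        }
    }
}

Get-SysvolDfsrState | Format-Table -AutoSize
```

An empty EventIds column can also mean the DC's event log was unreachable, so confirm connectivity before treating it as a missing event.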
