Active Directory: SYSVOL and NETLOGON
Table of Contents
-
What SYSVOL is and what it contains.
- The importance of SYSVOL.
In short:
-
SYSVOL replication methods.
-
Common SYSVOL error and problems.
-
Troubleshooting SYSVOL Error messages
- What SYSVOL is and what it contains.
SYSVOL is an important component of Active Directory.
The SYSVOL folder is shared on an NTFS volume on all the domain controllers within a particular domain.
SYSVOL is used to deliver the policy and logon scripts to domain members.
By default, SYSVOL includes 2 folders:
1.Policies
Default location: %SystemRoot%\SYSVOL\SYSVOL\<domain_name>\Policies
2.Scripts
Default location: %SystemRoot%\SYSVOL\SYSVOL\<domain_name>\scripts
Note: These default locations can be changed.
- The importance of SYSVOL.
As I mentioned above, SYSVOL contains 2 folders: "Policies" and "Scripts."
Policies: Under the Policies folder all the Group policies which are defined in a particular domain exist. Refer to the screenshot
Note that you can see 3 GPT's are available in above screenshot. When you create a new group policy in your active directory then a set of folder are created under Policies folder.
For example: I am creating a Policy called "disable screen saver" in my domain and linking that policy to my OU. When I hit create new policy button in GPMC , It will create one GUID Name folder under Policies folder which will be associatedto Disable screen saver GPO.
The above screenshot has 3 GPTs that mean 3 Group Policies are present in test.tld domain.
I hope my statements are not confusing when I use words like GPO, GPT, GPC
If someone is getting confused please refer below link which explains about these terms.
So when you make changes to particular Group policy objects that changes will be committed to Associated GUID name folder under SYSVOL.
In short:
The importance of SYSVOL folder: it holds the GPT, and whenever an administrator makes any changes to any of the policies, those changes will be committed to the associated GUID name folder and then they will be replicated to all Domain controllers.
- SYSVOL replication methods.
SYSVOL can be replicated to all the domain controllers using Distributed File System Replication (DFS-R) if the domain functional level Jump is Windows Server 2008 or higher, or it is replicated using File Replication System (FRS).
For information about DFS-R, see DFS Replication: Frequently Asked Questions (FAQ) Jump and see http://blogs.technet.com/b/askds/archive/2010/04/22/the-case-for-migrating-SYSVOL-to-dfsr.aspx Jump .
Additionally, follow this link - http://technet.microsoft.com/en-us/library/dd640019(v=ws.10).aspx Jump which explains how to migrate from FRS to DFS-R.
For FRS, the SYSVOL schedule is an attribute associated with each NTFRS Replica Set object and with each NTDS Connection object. FRS replicates SYSVOL using the same intrasite connection objects and schedule built by the KCC for Active Directory replication.FRS uses two replication protocols for SYSVOL: •SYSVOL connection within a site. The connection is always considered to be on; any schedule is ignored and changed files are replicated immediately.
•SYSVOL connection between sites. SYSVOL replication is initiated between two intersite members at the start of the 15-minute interval, assuming the schedule is open. The connection is treated as a trigger schedule. Theupstream partner ignores its schedule and responds to any request by the downstream partner. When the schedule closes, the upstream partner unjoins the connection only after the current contents of the outbound log, at the time of join, have been sent andacknowledged.
For more about FRS, see How FRS Works Jump .
- Common SYSVOL error and problems.
A . SYSVOL and NETLOGON shares are missing.
Take a scenario, when you add a new domain controller to your domain and you see there is no SYSVOL and NETLOGON folder available on the domain controller
Note - NETLOGON Share is not a Folder named NETLOGON On Domain controller . In fact it is a folder where , all the logon scripts are stored. So as mentioned above , Script folder under SYSVOL folder will act as NETLOGON share ( Location - %SystemRoot%\SYSVOL\SYSVOL\<domain DNS name>\scripts)
This mainly occurs if the SYSVOL replication is broken. In some cases after you added a new domain controller , SYSVOL replication may take some time.( Approximately you need to wait for some hours)
B.Journal Wrap Error
Read http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx Jump , This article explains what is Journal wraperror on SYSVOL , How it happens.
Above are most common errors when you consider SYSVOL in Active Directory.
Now,
Finally what are the steps we can follow when this Above errors are encountered.
- Troubleshooting SYSVOL Error messages
.
A . SYSVOL and NETLOGON shares are missing.
As I mentioned before it might be an issue with SYSVOL replication broken between Domain controllers.
You can start with forcing the replication between the domain controllers. Follow below link.
http://www.windowstricks.in/2009/11/force-SYSVOL-replication.html Jump
If above does not help, then here is the most popular method to resolve this:
http://support.microsoft.com/kb/947022
Jump
B . Journal Wrap Error
If Journal wrap error occurs , then we can set a blurflag value to D2 in the registry on a domain controller where Journal wrap error events are getting generated. By doing this Domain controller will dump the preexisting folders and startreplicating new content from one of its FRS replication partners.
orWe can set blurflag to D4 which does exactly opposite to above . That is , when you set D4 on a particular domain controllers its data will act as Authoritative , Result, all the domain controllers in your domain will replicate from the Domain controller wherethis blurflag is set to D4
Note - Setting BlurFlag to D4 is the last option , 90% cases will be resolved by setting up blurflag to D2
Follow below articles which explains how to set these flags.
What happens in journal Wrap?
http://blogs.technet.com/b/instan/archive/2009/07/14/what-happens-in-a-journal-wrap.aspx Jump
Restoring the SYSVOL when replicated through the NTFRS mechanism
Restoring the SYSVOL when replicated through the DFS-R mechanism
Hope this information helps to understand what is SYSVOL and how to troubleshoot the problems of SYSVOL.
I will be posting some more articles , Keep watching for them :)
Regards,
_Prashan
where's the netlogon folder stored ?
C:\WINDOWS\sysvol\sysvol*yourdomain*\scripts
The NETLOGON share is pointing to %SystemRoot%\sysvol\sysvol{DOMAIN}\scripts folder on DC, and it's main purpose is for storing logon scripts.
https://serverfault.com/questions/92124/wheres-the-netlogon-folder-stored
where's the sysvol folder stored ?
%SystemRoot%\SYSVOL\SYSVOL
https://social.technet.microsoft.com/wiki/contents/articles/8548.active-directory-sysvol-and-netlogon.aspx