I understand that this was long time ago, but have you noticed, that when migration was done, staging pats configuration (dfs management console, staging path) had empty path for each of DC? Or has it left unnoticed?:)
Thank you for watching. Microsoft does not want us as sysadmins managing the AD file system replication using the DFS management tool, it wants us to manage via tools like ntdsutil.
I don't see DFS Management tool in 2022. I did upgrades from 2008r2 and nothing ever said I needed to do this. Not that I am at 2022 I am having issues. I demoted one of my 3 DCs and then tried re-adding it. The first thing it complained about was I was still using FRS and needed to migrate to DFS. Thank you at least now I can see that sysvol is replicating before I ran the migration it was not. Still having issues about new GPO's are not creating their directories in the Policies folder.
Jeff, I assume you have checked the new folder that the policies would now be stored in because having completed the migration the Sysvol folder is moved. You can search for the policies in the file system using the policy GUID. If that does not help please try the troubleshooting guide docs.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr
@@PaulGregory Yeah I did look there I'll have to try the other guide. Although I have other issues I have 3 DCs I can create files on \\dc1 etlogon and \\dc2\ etlogon but not on \\dc3 etlogon. And dc3 is where I was creating the GPOs. I had transfered all the roles to dc3 a long hile back I might want to move all to one of the other two and demote and re-join it as a DC althought I'd need to rebuild the Cert service on it.
We just finished our migration from frs to dfrs and looks like after that sysvol/staging and sysvol/staging area are not migrate. Actaully, they are missing. For some reason, DFRS did not copy and sync those folder. I checked other video and looks like the "normal" behavior. Just wondering if this is something that i could have some issue in future. For now, no issue at all
Hi, the staging folders themself will not get replicated as they are holding areas to store potential changes when content is being replicated. Because the migration process 'freezes' replication the staging folders will not have content. In addition the way FRS and DFRS replicate data is different so the content in here from FRS would be of no benefit to DFRS. So you are good to go. Thank you for watching my video.
Thanks for the video. I have a trust relationship in different forest I need to execute these commands in all these domains? Or only in subdomains? Thank you!
Thiago, SYSVOL replication is domain wide so yes you will need to perform the procedure in every domain that is FRS based before you can upgrade to WS2019 (as it is now). Paul
Hi Thanks for the video. I have a question.. everybody in videos says if you get to the "eliminated" status you can not come back. Others previously say "make sure you have a backup", but anyone specifies what is the backup you need to do in case things don't go well and how to get the Domain back. what is to be backed up for the fastest recovery? is it the system state? or the entire VM server specified on the FSMO? another question is: In case something goes wrong, what needs to be recovered is just the primary domain? or all the domain controllers will be affected?. Your answer will be much appreciated :)
Thank you for watching the video. If your Active Directory is healthily this process is 100% reliable. Like anything it depends on what has gone wrong, single DC, FSMO role holder etc. Ultimately your recovery would either be a full AD forest recovery, a domain recovery or an individual DC recovery. For forest and domain recoveries you would need at least full BMR backups of the FSMO role holders, other DC’s could just be forcibly demoted and then promoted back. If a single DC fails to convert I would just demote and promote but again a full BMR would be belt and braces for all DC’s. I would assume you have backups and recovery plans for fill forest recovery so this should be backups you already have. Full details on forest protection and recovery can be found here: learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-prerequisites
@@darshvirtualacademy hi, depending on the Windows Server version it might be installed already. Otherwise the /prep command will install it or you can install it. As the switch is to DFSR for sysvol replication it is dependent on DFS.
Great video! I got up to dfsrmig /setglobalstate 2 and then ran several tests, all appears fine and the 2 servers are replicating . However I would like to wait to do the elimination phase for a few days to insure all is truly fine as that is not reversable. Do you see a problem with me doing that?
Hi @jimryan3960 thank you for watching my video. It is ok to leave the migration in the current state for a few days. Effectively the migration has been completed. The /3 just cleans up the old content. Paul
Hi Paul, I just wanted to check when the migration is running should we be seeing the staging folder and staging areas folder copied to the new SYSVOL_DFSR folder as well as the domain / sysvol folder?
Hi, To be honest I have not done this for over 5 years, but from memory yes you do. DFS uses the intermediate staging areas at each end to work out what blocks have changed and then merge the blocks back in.
Hi Paul , in your video at 5:00 min I see that you already have DFS management, so you have installed the DFS Replication, right? Do I need to do it before I start the migration?
As stated the video shows you all need to do. You do not mention version but from 2012 DFSR replication is the default in all new installations. Because of this all the required DFSR components are installed with the ADDS role. I have the mmc installed to show you extra. It is your choice if you do or do not install it. Paul
@@PaulGregory Hi Paul, I installed new Windows 2016, I made it DC and I demoted the old Windows 2008. In my new Windows 2016 DC I do not have under "File and Storage" the DFS management and DFS Replication installed. Your video assumes we have it installed, but this is not always the case. Do I need to have them installed?
Great video thanks Paul, I have a question, after watching, I checked one of our DC's for its migration state, results were "state 3 "eliminated", but the DC doesn't have a SYSVOL_DFSR folder? How do I fix that? It still has SYSVOL folder. Server 2012 R2.
Hi Sean, So you do not state if you have started the process or not. I assume you run the command dfsrmig/GetMigrationState and got that message. My first question is are you sure your system was not already using DFS-R, the default for WS2012. Your replication would only be using FRS is your DC’s had been upgraded from an older OS version. The SYSVOL_DFSR folder only gets created in a migration scenario. Paul
@@PaulGregory thank you for your reply, yes I ran the command "dfsrmig/GetMigrationState" and got that message. My best guess is our domain was created on Server 2008. Our four DC's have SYSVOL folders, which brought up my question, I thought I should be seeing SYSVOL_DFSR folders, I noticed our DC's have the DSFR service running, and DCDIAG reveals no errors. Someone told me that DSFR was standard for Server 2008. How do I know for sure were ready for a Server 2019 DC?
Hi Sean, the sysvol_dfsr folder only gets created in a migration scenario if the AD domain is already using DFSR from the initial deployment would only have the sysvol folder. Yours does sound as if it is using DFSR. Great news is when you install your first 2019 DC it will health check the Sysvol replication and if it is not configured correctly (eg using FRS) it will flag that and prevent you from continuing. Paul
I recently joined a company who's Domain is a mess. They have a PDC and two RODC's but the RODC's last received any replication about 2 years ago. I don't know how to even check how they initially did the replication. The one RODC does not even have a NETLOGON or SYSVOL share anymore. Would the methods in this video help with fixing the above?
Hi, it is very unlikely this will resolve you issues. To be honest if the RODC systems have not replicated for such a long time I would demote them and repromote them. Trying to fix them any other way is not an option due to ADDS tombstoning.
Correct me if I'm wrong but if I have added a server running 2012 R2 as a secondary DC and my primary DC is on server 2003, would I not yet be able to run this migration since the 2k3 server would still be sending replication data using FRS? Or would the 2k12 server simply convert that to DFS-R automatically? The fact that the migration command removed your SYSVOL folder leads me to believe that the two cannot coexist that way and I would need to remain on FRS until the old server is fully decommissioned. Thanks for the detailed info in the vid
I realize this comment is pretty old at this point. I'm commenting for folks that may have the same question in the future... In the begging Paul mentions that the domain functional level has to be at at least 2008. It's impossible to raise the domain functional level with a server 2003 server still functioning as a DC. Get vid Paul. Thanks!
All our DCs were windows 2012R2 .. Recently we promoted one 2016 server to DC and later found out we were on FRS .. do we have to demote the 2016 server for migration from FRS to DFRS?
Hi, you do not. Because of the world being so far behind Microsoft actually delayed requiring a migration to FRS until Windows Server 2019. If you try to upgrade a Windows Domain Controller to 2019 or add a Windows 2019 DC to a domain using FRS the installer will stop you. You can complete this procedure the same way on WS2016. Paul
@@PaulGregory Thank you very much for clarifying my doubts 🙏. SYSVOL is not being replicated from 2012 R2 Domain Controllers to newly promoted DC windows 2016. Everything else is working fine ..So we are planning migrating FRS to DFRS ..
Hello, I will add Windows 2016 DC. I have currently Windows 2008. The domain functional level is 2008. After I install my new Windows 2016 DC in order to do the FRS to DFSR migration do I need to raise the domain functional level and to which 2012 or 2012 R2?
The domain functional level required to perform the FRS to DFSR migration is 2008. So you have no requirement to raise the level anymore for this process. It is always the recommended to run the highest forest and domain functional level you can. Paul
I answered your question in my previous reaponse no you do not need to install it. I explained why I had it installed I also said installing the ADDS role should install all the required software of you need more help and suppprt pkease read the 52 page FRS to DFSR migration guide from MS docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd640019(v=ws.10)
@@PaulGregory Can I move to Preparing a day or two before I plan on doing the redirect and elimination stages? I am just trying to plan my change control windows. I would think the state 2 and 3 are the ones that I need a change control for.
@@EdKutsko you can wait as long as you wish between stages. It is only stage 3 you cannot roll back. So you could do the prepared and the redirect state and then save Eliminate for your change control as Eliminate cannot be undone....
Hi Paul I have one 2008 r2 forest level running with 1 replication server 2008 r2 and I have to join 2022 with the replication but it needs frs to dfsr migration so is it safe for AD users like will it affect my AD users and their password and if I run this on one machine all machines will be updated if they are in replication with primary controller like when I raised the forest level all machines just updated
Hi, Thank you for watching my video. Correct users will not be impacted by migrating from FRS to DFRS it makes no changes to AD because sysvol is in the file system not the AD database. You make the change on one domain controller and because FRS is domain wide all DC’s will be updated in that domain. In terms of Domain and Forest functional levels you can only raise to the lowest DC version you have. So if you are keeping a 2008R2 DC (not something I would advise for Security and support reasons), 2008R2 would be the highest level you can raise the domain and forest functional level. Regards, Paul
@@PaulGregory thanks paul.. I need to add 2022 to domain controller and the. Upgrade to 2022 and remove all 2008 domain controller so that my AD runs on 2022
I have 4 x 2008 R2 servers all raised to correct 2008 R2 levels.. I need to now add a Server 2019 server as a DC to the domain.. I know you have to upgrade the 2008 R2 setup to DFSR or you cannot add the Server 2019.. I'm thinking this will do the job perfectly..... The question is..., how brave am i..?
@@PaulGregory I got brave tonight..., took 10mins to do and worked perfectly!. The Server 2019 was then added as a DC without problems.. Your guide was perfect :-)
not done this in about 8 years. long time since last doing this good refresher.
Thank You for this video, it's a nice overview of the FRS to DFS-R.
Saved me hours of searching thank you!
Thank you for watching. Glad I was able to help
Very informative and straight to the point on how to complete the task. Great vide keep it up!
Jonathan Campos Thank you.
I understand that this was long time ago, but have you noticed, that when migration was done, staging pats configuration (dfs management console, staging path) had empty path for each of DC? Or has it left unnoticed?:)
Thank you for watching. Microsoft does not want us as sysadmins managing the AD file system replication using the DFS management tool, it wants us to manage via tools like ntdsutil.
Great stuff. This helped me tremendously!!!
Very informative Paul!
Thank you for this series - it was very helpful.
what is the other prerequisite to migrate FRS to DFRS ?
I don't see DFS Management tool in 2022. I did upgrades from 2008r2 and nothing ever said I needed to do this. Not that I am at 2022 I am having issues. I demoted one of my 3 DCs and then tried re-adding it. The first thing it complained about was I was still using FRS and needed to migrate to DFS. Thank you at least now I can see that sysvol is replicating before I ran the migration it was not. Still having issues about new GPO's are not creating their directories in the Policies folder.
Jeff, I assume you have checked the new folder that the policies would now be stored in because having completed the migration the Sysvol folder is moved. You can search for the policies in the file system using the policy GUID. If that does not help please try the troubleshooting guide docs.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr
@@PaulGregory Yeah I did look there I'll have to try the other guide. Although I have other issues I have 3 DCs I can create files on \\dc1
etlogon and \\dc2\
etlogon but not on \\dc3
etlogon. And dc3 is where I was creating the GPOs. I had transfered all the roles to dc3 a long hile back I might want to move all to one of the other two and demote and re-join it as a DC althought I'd need to rebuild the Cert service on it.
Thanks, Paul. You got me through it! Two thumbs up!
We just finished our migration from frs to dfrs and looks like after that sysvol/staging and sysvol/staging area are not migrate. Actaully, they are missing. For some reason, DFRS did not copy and sync those folder. I checked other video and looks like the "normal" behavior. Just wondering if this is something that i could have some issue in future. For now, no issue at all
Hi, the staging folders themself will not get replicated as they are holding areas to store potential changes when content is being replicated. Because the migration process 'freezes' replication the staging folders will not have content. In addition the way FRS and DFRS replicate data is different so the content in here from FRS would be of no benefit to DFRS. So you are good to go. Thank you for watching my video.
Thanks for the video.
I have a trust relationship in different forest I need to execute these commands in all these domains? Or only in subdomains?
Thank you!
Thiago, SYSVOL replication is domain wide so yes you will need to perform the procedure in every domain that is FRS based before you can upgrade to WS2019 (as it is now). Paul
Hi Thanks for the video. I have a question.. everybody in videos says if you get to the "eliminated" status you can not come back. Others previously say "make sure you have a backup", but anyone specifies what is the backup you need to do in case things don't go well and how to get the Domain back. what is to be backed up for the fastest recovery? is it the system state? or the entire VM server specified on the FSMO? another question is: In case something goes wrong, what needs to be recovered is just the primary domain? or all the domain controllers will be affected?. Your answer will be much appreciated :)
Thank you for watching the video. If your Active Directory is healthily this process is 100% reliable. Like anything it depends on what has gone wrong, single DC, FSMO role holder etc.
Ultimately your recovery would either be a full AD forest recovery, a domain recovery or an individual DC recovery. For forest and domain recoveries you would need at least full BMR backups of the FSMO role holders, other DC’s could just be forcibly demoted and then promoted back. If a single DC fails to convert I would just demote and promote but again a full BMR would be belt and braces for all DC’s.
I would assume you have backups and recovery plans for fill forest recovery so this should be backups you already have. Full details on forest protection and recovery can be found here:
learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-prerequisites
Tks :)
It it mandatory to install dfs role on pdc for frs to dfsr migration? Kindly assist
@@darshvirtualacademy hi, depending on the Windows Server version it might be installed already. Otherwise the /prep command will install it or you can install it. As the switch is to DFSR for sysvol replication it is dependent on DFS.
@PaulGregory we re running windows server 2012 r2 with frs and now migrating to server 2019.
Great video! I got up to dfsrmig /setglobalstate 2 and then ran several tests, all appears fine and the 2 servers are replicating . However I would like to wait to do the elimination phase for a few days to insure all is truly fine as that is not reversable. Do you see a problem with me doing that?
Hi @jimryan3960 thank you for watching my video. It is ok to leave the migration in the current state for a few days. Effectively the migration has been completed. The /3 just cleans up the old content. Paul
@@PaulGregory Awesome! Thank you for the quick response. Again, great video!.
We have 4 DC (Win 2008 Standard). 2 local and 2 remote. Same domain/forest. This process took around 4 hours to finish over a 100 Mbit link.
Glad you completed the process successfully. I imagine you had some large GPO’s and a lot of content in netlogon.
Your tutorials are amazing!!! Thanks a lot!!!
Hi Paul, I just wanted to check when the migration is running should we be seeing the staging folder and staging areas folder copied to the new SYSVOL_DFSR folder as well as the domain / sysvol folder?
Hi,
To be honest I have not done this for over 5 years, but from memory yes you do. DFS uses the intermediate staging areas at each end to work out what blocks have changed and then merge the blocks back in.
Thanks @@PaulGregoryI'll wait until tomorrow, to see if they populate into the new folder's and take it from there. Thanks for getting back to me 👍🏾
Hi Paul , in your video at 5:00 min I see that you already have DFS management, so you have installed the DFS Replication, right? Do I need to do it before I start the migration?
As stated the video shows you all need to do. You do not mention version but from 2012 DFSR replication is the default in all new installations. Because of this all the required DFSR components are installed with the ADDS role. I have the mmc installed to show you extra. It is your choice if you do or do not install it. Paul
@@PaulGregory Hi Paul, I installed new Windows 2016, I made it DC and I demoted the old Windows 2008. In my new Windows 2016 DC I do not have under "File and Storage" the DFS management and DFS Replication installed. Your video assumes we have it installed, but this is not always the case. Do I need to have them installed?
Great video thanks Paul, I have a question, after watching, I checked one of our DC's for its migration state, results were "state 3 "eliminated", but the DC doesn't have a SYSVOL_DFSR folder? How do I fix that? It still has SYSVOL folder. Server 2012 R2.
Hi Sean,
So you do not state if you have started the process or not. I assume you run the command dfsrmig/GetMigrationState and got that message.
My first question is are you sure your system was not already using DFS-R, the default for WS2012. Your replication would only be using FRS is your DC’s had been upgraded from an older OS version. The SYSVOL_DFSR folder only gets created in a migration scenario.
Paul
@@PaulGregory thank you for your reply, yes I ran the command "dfsrmig/GetMigrationState" and got that message. My best guess is our domain was created on Server 2008. Our four DC's have SYSVOL folders, which brought up my question, I thought I should be seeing SYSVOL_DFSR folders, I noticed our DC's have the DSFR service running, and DCDIAG reveals no errors. Someone told me that DSFR was standard for Server 2008. How do I know for sure were ready for a Server 2019 DC?
Hi Sean, the sysvol_dfsr folder only gets created in a migration scenario if the AD domain is already using DFSR from the initial deployment would only have the sysvol folder. Yours does sound as if it is using DFSR. Great news is when you install your first 2019 DC it will health check the Sysvol replication and if it is not configured correctly (eg using FRS) it will flag that and prevent you from continuing. Paul
@@PaulGregory Thank you for your help!
I recently joined a company who's Domain is a mess. They have a PDC and two RODC's but the RODC's last received any replication about 2 years ago. I don't know how to even check how they initially did the replication. The one RODC does not even have a NETLOGON or SYSVOL share anymore. Would the methods in this video help with fixing the above?
Hi, it is very unlikely this will resolve you issues. To be honest if the RODC systems have not replicated for such a long time I would demote them and repromote them. Trying to fix them any other way is not an option due to ADDS tombstoning.
@@PaulGregory Thanks for the feedback. Do you maybe have a video / guide that covers this process of demoting & promoting or a link to a good one?
Correct me if I'm wrong but if I have added a server running 2012 R2 as a secondary DC and my primary DC is on server 2003, would I not yet be able to run this migration since the 2k3 server would still be sending replication data using FRS?
Or would the 2k12 server simply convert that to DFS-R automatically? The fact that the migration command removed your SYSVOL folder leads me to believe that the two cannot coexist that way and I would need to remain on FRS until the old server is fully decommissioned.
Thanks for the detailed info in the vid
I realize this comment is pretty old at this point. I'm commenting for folks that may have the same question in the future... In the begging Paul mentions that the domain functional level has to be at at least 2008. It's impossible to raise the domain functional level with a server 2003 server still functioning as a DC.
Get vid Paul. Thanks!
All our DCs were windows 2012R2 .. Recently we promoted one 2016 server to DC and later found out we were on FRS .. do we have to demote the 2016 server for migration from FRS to DFRS?
Hi, you do not. Because of the world being so far behind Microsoft actually delayed requiring a migration to FRS until Windows Server 2019. If you try to upgrade a Windows Domain Controller to 2019 or add a Windows 2019 DC to a domain using FRS the installer will stop you. You can complete this procedure the same way on WS2016. Paul
@@PaulGregory Thank you very much for clarifying my doubts 🙏.
SYSVOL is not being replicated from 2012 R2 Domain Controllers to newly promoted DC windows 2016. Everything else is working fine ..So we are planning migrating FRS to DFRS ..
Hello, before I start do I need to install DFS Replication which is under File and Storage Service ?
You do not the process will install any needed software. You only need to do what is in the video. Paul
@@PaulGregory Thank you!
Thanks. You got my thumbs.
Thank you for letting me know
Thanks mate. Very helpful!
Hello, I will add Windows 2016 DC. I have currently Windows 2008. The domain functional level is 2008. After I install my new Windows 2016 DC in order to do the FRS to DFSR migration do I need to raise the domain functional level and to which 2012 or 2012 R2?
The domain functional level required to perform the FRS to DFSR migration is 2008. So you have no requirement to raise the level anymore for this process. It is always the recommended to run the highest forest and domain functional level you can. Paul
I answered your question in my previous reaponse no you do not need to install it. I explained why I had it installed I also said installing the ADDS role should install all the required software of you need more help and suppprt pkease read the 52 page FRS to DFSR migration guide from MS docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd640019(v=ws.10)
Does this need to be done on Root and Child Domains or does it do all of them at once?
Hi Ed, this needs to be done on each domain as the Sysvol is only replicated between domain controllers within the same domain.
@@PaulGregory Can I move to Preparing a day or two before I plan on doing the redirect and elimination stages? I am just trying to plan my change control windows. I would think the state 2 and 3 are the ones that I need a change control for.
@@EdKutsko you can wait as long as you wish between stages. It is only stage 3 you cannot roll back. So you could do the prepared and the redirect state and then save Eliminate for your change control as Eliminate cannot be undone....
Hi Paul I have one 2008 r2 forest level running with 1 replication server 2008 r2 and I have to join 2022 with the replication but it needs frs to dfsr migration so is it safe for AD users like will it affect my AD users and their password and if I run this on one machine all machines will be updated if they are in replication with primary controller like when I raised the forest level all machines just updated
Hi,
Thank you for watching my video. Correct users will not be impacted by migrating from FRS to DFRS it makes no changes to AD because sysvol is in the file system not the AD database. You make the change on one domain controller and because FRS is domain wide all DC’s will be updated in that domain.
In terms of Domain and Forest functional levels you can only raise to the lowest DC version you have. So if you are keeping a 2008R2 DC (not something I would advise for Security and support reasons), 2008R2 would be the highest level you can raise the domain and forest functional level. Regards, Paul
@@PaulGregory thanks paul.. I need to add 2022 to domain controller and the. Upgrade to 2022 and remove all 2008 domain controller so that my AD runs on 2022
@@shubhendusrivastava
So once all the 2008R2 DC’s have been replaced you will be able to upgrade the domain and forest functional levels.
@@PaulGregorythanks paul for giving me courage to migrate from frs to dfsr .. I was afraid at first thanks a lot !! I finally did and it worked
I have 4 x 2008 R2 servers all raised to correct 2008 R2 levels.. I need to now add a Server 2019 server as a DC to the domain.. I know you have to upgrade the 2008 R2 setup to DFSR or you cannot add the Server 2019.. I'm thinking this will do the job perfectly..... The question is..., how brave am i..?
Colin Albright I hope you will be very brave. Not a Monday morning job 😀
@@PaulGregory I got brave tonight..., took 10mins to do and worked perfectly!. The Server 2019 was then added as a DC without problems.. Your guide was perfect :-)
Great vid. Thank you!
very helpful. thank you.
Grato pela ajuda !!!!
Feliz por ter sido de assistência
Thankyou so much
These commands should be done on pdc as well...
These commands are domain wide so they only need to be done once from a DC.
could you please speak a little slower ?