Domain controller: Migration of Legacy file replication service to Distributed file service replication

Hey guys hope you are doing well!

Now let’s start off with a topic related to on-premises, which is domain controller. I had encounter a weird situation where I was performing a domain controller migration from a Windows Server 2008 R2 to Windows Server 2019, during the migration process I wasn’t able to proceed to active directory domain services in Windows Server 2019.

I had all the prerequisites checked but this was the first time I have ever encounter this.

This was the error that I encounter during the wizard…

“Verification of replica failed. The specified domain is still using the File Replication service (FRS) to replicate the SYSVOL share. FRS is depreciated.”

The error explains that the SYSVOL is running a depreciated service, called FRS and recommended that I perform a migration of FRS to DFSR.

SYSVOL is basically a folder that contains your Group Policy Management and Scripts and it replicates to all other domain controllers. SYSVOL folder located in C:\Windows in your domain controllers.

FRS is basically the service to perform the replication. Upon research, FRS only supports Windows Server 2000 and 2003 only. Windows 2008 and above depreciate FRS. However, how in the world that FRS is running on Windows Server 2008 R2???

To further investigate this situation, I had to ask whether that the environment has any application servers that is on Windows Server 2003. If the answer is yes, it means that the environment used to be running on Windows Server 2003 or earlier. It seems that the transition/migrate of domain controller was not clean during that time.

There is one article that spoke about the migrate of Windows Server 2003 to Windows Server 2008, doesn’t meaning only migrate the FSMO roles, and majority forgot to migrate the FRS to DFSR. Hence, this FRS was able to carry forward to the Windows Server 2008.

*Note: Below are not detailed steps on how to setup a domain controller, you must at least have knowledge on how to setup a domain controller

The best way to mimic this error was to setup my lab

Why so this transition? Every Operating system works differently.

Make sure you got the right permission account.

  • Setting up domain controller permission required domain administrator rights.
  • FSMO transfer permission required enterprise administrator, and domain administrator.
  • DFSR migration permission required is domain administrator.
  1. Setup Windows Server 2003 domain controller
  2. Setup Windows Server 2008
  3. Adprep the schema in Windows Server 2003
  4. Make Windows Server 2008 a domain controller
  5. Migrate the FSMO from Windows Server 2003 to Windows Server 2008
  6. Decommission Windows Server 2003 domain controller
  7. Raise domain functional level from Windows Server 2008
  8. Setup Windows Server 2008 R2
  9. Adprep the schema in Windows Server 2008
  10. Make Windows Server 2008 R2 a domain controller
  11. Migrate the FSMO from Windows Server 2008 to Windows Server 2008 R2
  12. Adprep the schema in Windows Server 2008 R2
  13. Setup Windows Server 2019
  14. Proceed to make Windows Server 2019 a domain controller –> here is where the error happens

Steps on how to perform FRS to DFRS migration

  1. Always perform System state backup before proceed this on production
  2. Check the replication health on all domain controllers, make sure are healthy before starting
  3. On the Windows Server 2008 R2 domain controller that holes PDC role, launch your command prompt as administrator
  4. Run the following commands
    • dfsrmig /getglobalstate
    • This means that the service is not using DFSR
    • net share
    • Under the Share name, SYSVOL’s referring the resource of C:\Windows\SYSVOL\sysvol, we are going to change it to be C:\Windows\SYSVOL_DFSR
  5. Next, run this following command to start your phases of migration. There are 4 phases of migration.
    • Phase 0: Return – This phase is a fallback option for you. This is only useful if you are in Phase 1 and Phase 2.
    • Phase 1: Start – This phase allow you to start the migration and prepare the SYSVOL to be copy the content to SYSVOL_DFSR. System created a new folder called SYSVOL_DFSR.
    • Phase 2: Redirect – This phase will start to redirect the SYSVOL path/pointer to SYSVOL_DFSR.
    • Phase 3 Eliminate – This phase deletes the SYSVOL folder.
  6. The command to start the phase 1 is
    • dfsrmig /setglobalstate 1
    • dfsrmig /getmigrationstate
    • got to make sure phase 1 is completed only proceed to phase 2
  7. Proceed to Phase 2
    • dfsrmig /setglobalstate 2
    • dfsrmig /getmigrationstate
    • got to make sure phase 2 completed only proceed to phase 3
  8. Proceed to Phase 3
    • dfsrmig /setglobalstate 3
    • dfsrmig /getmigrationstate
  9. Check the services
    • After running all phases successfully, it will automatically disable the FRS services and stop it from running
  10. Run net share command to check whether the SYSVOL’s resource has changed to the new path
  11. This migration doesn’t require rebooting the domain controllers afterwards, but if there is a reboot prompt require before the migration, please proceed the reboot first.

*Note:

  • Stopping the FRS services without running the migration, would not help resolve the issue
  • If you have child domain, then please also perform a DFSR migration on the child domain’s domain controller that holes the PDC role

References

  1. https://www.rebeladmin.com/2015/04/step-by-step-guide-for-upgrading-sysvol-replication-to-dfsr-distributed-file-system-replication/

Author: sabrinaksy

Just an ordinary lady who love what she does best.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: