Following checks must be carried out before attempting the DFSR migration. If any of the checks fail, do not perform the DFSR migration until the issue is resolved.
1. Check if Domain functional level is at least Windows Server 2008.
2. Check all domain controller’s operating system is at least Windows Server 2008.
3. Check if built-in Administrators group has the 'Manage Auditing and Security Log' user right assignment.
4. Check if all domain controllers have enough free disk space.
5. Check if Active Directory replication is working.
6. Check SYSVOL sharing is correct.
7. Valid system state backup.
1. Check if Domain functional level is at least Windows Server 2008
Verify if Windows domain functional level is at least Windows Server 2008.
For Windows Server 2008 R2
1. Click Start and select Administrative Tools, 'Active Directory Domains and Trusts'.
2. Right-click the domain name e.g. HPV.local and select Properties.
For Windows Server 2012 R2
1. Open Server Manager.
2. From the Tools menu, select 'Active Directory Domains and Trusts'.
3. Right-click your domain name e.g. HPV.local and select Properties.
2. Check if built-in Administrators group has the 'Manage Auditing and Security Log' user right assignment.
For a successful migration, make sure that the built-in Administrators group has the 'Manage auditing and security log' User Rights Assignment.
Follow the process on all domain controllers in the domain:
1. Log on to one domain controller.
2. From the Run type RSoP.msc.
3. Go to 'Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment'.
4. Right-click 'Manage auditing and security log' and select Properties.
5. Confirm Administrators is listed.
6. Click Cancel and close Resultant Set of Policy.
3. Free Disk space
Confirm that all domain controllers have an appropriate amount of free disk space. This should be at least twice the size of the current SYSVOL share. C:\Windows\SYSVOL.
4. Check if Active Directory replication is working
Open Command prompt and enter the following command:
repadmin /showrepl *
Confirm that all domain controller’s last replication was successful for each partition. Repeat this on all of your domain controllers.
C:\Windows\system32>repadmin /showrepl
Repadmin: running command /showrepl against full DC HPV-HV-01.hpv.local
hpv\HPV-HV-01
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: faf7771d-2541-44d0-b605-95701cb6aaa1
DSA invocationID: ab577af4-9b41-44aa-9f73-09d8f65e6f02
==== INBOUND NEIGHBORS ======================================
DC=hpv,DC=local
HPV\SRV-02 via RPC
DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e Last attempt @ 2014-07-25 10:25:37 was successful.
CN=Configuration,DC=hpv,DC=local
HPV\SRV-02 via RPC
DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e Last attempt @ 2014-07-25 10:25:37 was successful.
HPV\SRV-02 via RPC
DSA object GUID: 4a8717eb-8e58-456c-995a-c92e4add7e8e Last attempt @ 2014-07-25 10:25:37 was successful.
5. Check SYSVOL sharing is correct
DFSR migration depends on correct SYSVOL sharing and its correct advertisement on all domain controllers. Open a Command prompt and type the following command:
dcdiag /e /test:sysvolcheck /test:advertising
Make sure all tests pass without error or warning.
C:\Windows\system32>dcdiag /e /test:sysvolcheck /test:advertising
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = HPV-HV-01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: HPV\HPV-HV-01
Starting test: Connectivity
......................... HPV-HV-01 passed test Connectivity
Testing server: HPV\HPV-HV-02
Starting test: Connectivity
......................... HPV-HV-02 passed test Connectivity
Doing primary tests
Testing server: HPV\HPV-HV-01
Starting test: Advertising
......................... HPV-HV-01 passed test Advertising
Starting test: SysVolCheck
......................... HPV-HV-01 passed test SysVolCheck
Testing server: HPV\HPV-HV-02
Starting test: Advertising
......................... HPV-HV-02 passed test Advertising
Starting test: SysVolCheck
......................... HPV-HV-02 passed test SysVolCheck
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : hpv
Running enterprise tests on : hpv.local
SYSVOL Migration Procedure (FRS to DFSR)
Make sure all of the above checks have passed, if not resolve issues before continuing. The migration Procedure have three states:
- Migrating to the Prepared State - FRS continues to replicate the SYSVOL shared folder that the domain uses, while DFS Replication replicates a copy of the SYSVOL folder. FRS mounts both SYSVOL and NETLOGON shares.
- Migrating to the Redirected State - The DFS Replication copy of the SYSVOL folder becomes responsible for servicing SYSVOL requests from other domain controllers. FRS continues to replicate the original SYSVOL folder, but DFS Replication now replicates the production SYSVOL folder that domain controllers in the Redirected state use.
- Migrating to the Eliminated State - DFS Replication continues to handle all the SYSVOL replication. Windows deletes the original SYSVOL folder, and FRS no longer replicates SYSVOL data.
For the rest of steps we only need to run all dfsrmig commands on a single domain controller.
1. Migrate Domain to Prepared State.
1. Type the following command at a command prompt to begin the global migration state to be Prepared.
dfsrmig /setglobalstate 1
To speed the migration use the below commands.
repadmin /syncall /force /APed
dfsrdiag pollad
2. Type the following command to see the progress of the migration:
dfsrmig /getmigrationstate
When all of the domain controllers reach the Prepared state, the output will look like this:
All Domain Controllers have migrated successfully to Global state (‘Prepared’).
Migration has reached a consistent state on all Domain Controllers.
Succeeded.
Make sure the above step is successful before continuing next stage.
2. Migrate Domain to Redirected state
1. Type the following command to begin the global migration state to be Redirected.
dfsrmig /setglobalstate 2
To speed the migration use the below commands.
repadmin /syncall /force /APed
dfsrdiag pollad
2. Type dfsrmig /getglobalstate to verify that the global migration state is Redirected.
Current DFSR global state: ‘Redirected’
Succeeded.
3. Type the following command to see the progress of the migration:
dfsrmig /getmigrationstate
When all domain controllers are Redirected, the output will look like this:
All Domain Controllers have migrated successfully to Global state (‘Redirected’).
Migration has reached a consistent state on all Domain Controllers.
Succeeded.
Make sure the above step is successful before continuing next stage.
3. Migrate Domain to Eliminated State
1. Type the following command to begin the global migration state to be Eliminated.
dfsrmig /setglobalstate 3
To speed the migration use the below commands.
repadmin /syncall /force /APed
dfsrdiag pollad
2. Type dfsrmig /getglobalstate to verify that the global migration state is Eliminated
Current DFSR global state: ‘Eliminated’
Succeeded.
3. Use the following command to review the progress of the migration:
dfsrmig /getmigrationstate
When all domain controllers are Eliminated, the output look like this:
All Domain Controllers have migrated successfully to Global state (‘Eliminated’).
Migration has reached a consistent state on all Domain Controllers.
Succeeded.
Note: It is recommended to check the FRS and DFSR logs for any error through the stages.
For more information please go to following Microsoft tech net link.
To roll back SYSVOL migration
You can only rollback if you are in a ‘Prepared’ state or in the ‘Redirected’ state. Type the following command to go back to the previous states:
1. Roll back from the Redirected state to the Prepared state.
dfsrmig /setglobalstate 1
dfsrmig /setglobalstate 1
2. Roll back from the Prepared state or Redirected state to the Start state.
dfsrmig /setglobalstate 0
dfsrmig /setglobalstate 0
For more information please go to following Microsoft tech net link
No comments:
Post a Comment