I recently promoted a new Windows Server 2019 member server to a domain controller and had problems with the SYSVOL & NETLOGON folders replicating to this new DC.
The symptoms were that after promotion the folders did not exist on the new server. However, they did exist on the Windows Server 2016 DC, which was to be decommissioned.
After looking in the Event Viewer on the old DC I noticed the following error messages with event ID:
After some investigation I realized that this could have been a historic problem and the DC may have been trying to contact a previous Domain Controller that no longer exists.
To resolve the problem I carried out the following steps to perform an ‘Authoritative restore’. This procedure makes the server on which you perform it the authoritative source for SYSVOL: any other DCs in the domain, if they exist, and any future DCs replicate the SYSVOL state from it.
1. Stop the DFS Replication service from Services.msc, or by running this CMD command on the DC on which you want to perform the authoritative restore:
net stop DFSR
2. Open ADSI Edit and navigate to the SYSVOL Subscription key within the default naming context, as shown below:
Default Naming Context > Domain > Domain Controllers > Domain Controller > DFSR-LocalSettings > Domain System Volume > SYSVOL Subscription
3. Locate the following keys and set them to the values shown:
4. Start the DFS Replication service by running:
net start DFSR
5. Set the DN:
6. Force Active Directory replication by running the below command:
repadmin /syncall /AdP
7. Run the following command:
8. Check the DFSR event log on your DC. You should see some recent events and useful information stating that DFSR had been stopped and started again, for example:
The DFS Replication service successfully initialized the SYSVOL replicated folder at local path C:\Windows\SYSVOL\domain. This member is the designated primary member for this replicated folder. No user action is required. To check for the presence of the SYSVOL share, open a command prompt window and then type "net share".
Additional Information:
Replicated Folder Name: SYSVOL Share
Replicated Folder ID: 5AFFCBC6-B1B9-475B-8EA2-E32539762AFB
Replication Group Name: Domain System Volume
Replication Group ID: 96E0C3BF-BC1C-4BEA-8D24-C5B9392F59B7
Member ID: 760689A9-3E66-4E9E-9A2D-5029FA25A2D2
Read-Only: 0
This procedure helped me run an Authoritative restore of my SYSVOL so that replication resumes successfully within my domain. More info on this can be found on this Microsoft post.
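A post-restore check for the symptoms and the event message described above, as an added example that is not part of the original post. It assumes an elevated PowerShell session on a DC with the ActiveDirectory module installed; the one-hour look-back window is a constructed value.

```powershell
# Added example (not from the original post): verify the outcome of the
# authoritative SYSVOL restore. Assumes the ActiveDirectory module is present.
Import-Module ActiveDirectory

# 1. Every DC should expose both shares once SYSVOL has replicated.
#    The original symptom was that these were missing on the new DC.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    [pscustomobject]@{
        DomainController = $dc.HostName
        SysvolShare      = Test-Path -Path "\\$($dc.HostName)\SYSVOL"
        NetlogonShare    = Test-Path -Path "\\$($dc.HostName)\NETLOGON"
    }
}
$report | Format-Table -AutoSize | Out-Host

# 2. The DFS Replication service stopped in step 1 must be running again.
Get-Service -Name DFSR | Select-Object Name, Status | Out-Host

# 3. Look in the local 'DFS Replication' log for the initialization message
#    quoted in step 8. Matching on the message text avoids assuming an event ID.
$since = (Get-Date).AddHours(-1)   # constructed look-back window; widen if needed
$init = Get-WinEvent -FilterHashtable @{ LogName = 'DFS Replication'; StartTime = $since } `
            -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like '*successfully initialized the SYSVOL replicated folder*' } |
        Select-Object -First 1

if ($init) {
    $init | Select-Object TimeCreated, Id, Message | Format-List | Out-Host
} else {
    Write-Warning "No SYSVOL initialization event found on this DC since $since."
}

# 4. Flag any DC that is still missing a share so it can be investigated.
$missing = $report | Where-Object { -not ($_.SysvolShare -and $_.NetlogonShare) }
if ($missing) {
    Write-Warning ("SYSVOL/NETLOGON not shared on: " +
                   ($missing.DomainController -join ', '))
} else {
    Write-Host "SYSVOL and NETLOGON are shared on all domain controllers."
}
```

Run it again after Active Directory replication has had time to converge, since a newly promoted DC only shares SYSVOL and NETLOGON once its initial sync has finished.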