Dealing with a stale Active Directory

I recently got the opportunity to revisit Client L, based in Dorset. I’ve worked with them before in creating a mobile infrastructure.

Mobile, in this instance, means an infrastructure designed for the following cycle:

  1. Set up in a mobile location
  2. Power up the infrastructure
  3. Complete the work required for a couple of months
  4. Power off the infrastructure
  5. Disassemble the location

There were problems replicating the GPO files between the domain controllers. A quick look at the DFS logs showed the second domain controller was out of sync, as it hadn’t replicated for over 500 days. Hardly surprising, given the design requirements.

A quick conversation found that not all servers were powered on when the previous refresh was completed. Since the Directory was out of sync, we were looking at an authoritative synchronization of the DFSR-replicated SYSVOL.

In a nutshell, the process is as follows:

  1. Turn off DFS Replication Service and set to Manual.
  2. Using ADSIEdit, set the Primary DC as Authoritative and disable the DFSR.
  3. Using ADSIEdit, disable the DFSR on the other DC(s).
  4. Force Active Directory replication throughout the domain.
  5. Start the DFSR service on the Primary DC.
  6. Using ADSIEdit, enable the DFSR on the Primary DC.
  7. Force Active Directory replication throughout the domain.
  8. Use DFSRDIAG on the Primary DC.
  9. Start the DFSR service on the other DC(s).
  10. Using ADSIEdit, enable the DFSR on the other DC(s).
  11. Use DFSRDIAG on the other DC(s).
  12. Return the DFSR service to its original Startup Type (Automatic) on all DCs.
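
The twelve steps above as a PowerShell sketch, with the ADSIEdit changes made through `Set-ADObject` instead. This is an added example, not the script used on site: the DC name `DC01` is a placeholder, and it assumes the RSAT ActiveDirectory module, PowerShell remoting to every DC, and `repadmin`/`dfsrdiag` being installed. The DFSR event IDs it waits for (4114, 4602, 4604) come from Microsoft's documented procedure rather than from this post.

```powershell
Import-Module ActiveDirectory
$PrimaryDC = 'DC01'   # placeholder: the DC whose SYSVOL copy is treated as authoritative
$dcs     = @(Get-ADDomainController -Filter *)
$primary = $dcs | Where-Object Name -eq $PrimaryDC
$others  = @($dcs | Where-Object Name -ne $PrimaryDC)
if (-not $primary) { throw "DC '$PrimaryDC' not found" }

function Set-SysvolSub($dc, [hashtable]$attrs) {
    # The object edited in ADSIEdit: the DC's SYSVOL subscription under DFSR-LocalSettings
    $dn = "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,$($dc.ComputerObjectDN)"
    Set-ADObject -Identity $dn -Replace $attrs -Server $primary.HostName
}
function Sync-AD { repadmin /syncall $primary.HostName /AdeP | Out-Null }
function Wait-DfsrEvent($dc, [int]$id, [datetime]$since) {
    # Poll the DC's 'DFS Replication' log until the expected event appears (15 min limit)
    $f = @{ LogName = 'DFS Replication'; Id = $id; StartTime = $since }
    $deadline = (Get-Date).AddMinutes(15)
    while (-not (Invoke-Command -ComputerName $dc.HostName {
                Get-WinEvent -FilterHashtable $using:f -MaxEvents 1 -ErrorAction SilentlyContinue })) {
        if ((Get-Date) -gt $deadline) { throw "Event $id not seen on $($dc.Name)" }
        Start-Sleep -Seconds 15
    }
}

$t0 = Get-Date
# Step 1: stop DFSR everywhere and set it to Manual
Invoke-Command -ComputerName $dcs.HostName { Stop-Service DFSR; Set-Service DFSR -StartupType Manual }
# Steps 2-4: mark the primary authoritative, disable all subscriptions, replicate AD
Set-SysvolSub $primary @{ 'msDFSR-Enabled' = $false; 'msDFSR-Options' = 1 }
foreach ($dc in $others) { Set-SysvolSub $dc @{ 'msDFSR-Enabled' = $false } }
Sync-AD
# Steps 5-8: bring the primary back; 4114 = SYSVOL no longer replicated, 4602 = authoritative init done
Invoke-Command -ComputerName $primary.HostName { Start-Service DFSR }
Wait-DfsrEvent $primary 4114 $t0
Set-SysvolSub $primary @{ 'msDFSR-Enabled' = $true }
Sync-AD
Invoke-Command -ComputerName $primary.HostName { dfsrdiag pollad }
Wait-DfsrEvent $primary 4602 $t0
# Steps 9-11: repeat on the other DCs; 4604 = non-authoritative SYSVOL initialised
foreach ($dc in $others) {
    Invoke-Command -ComputerName $dc.HostName { Start-Service DFSR }
    Wait-DfsrEvent $dc 4114 $t0
    Set-SysvolSub $dc @{ 'msDFSR-Enabled' = $true }
}
Sync-AD   # extra sync (not in the list above) so each DC sees the change written on the primary
foreach ($dc in $others) {
    Invoke-Command -ComputerName $dc.HostName { dfsrdiag pollad }
    Wait-DfsrEvent $dc 4604 $t0
}
# Step 12: restore the Automatic startup type on all DCs
Invoke-Command -ComputerName $dcs.HostName { Set-Service DFSR -StartupType Automatic }
```

Back up the SYSVOL folder on the authoritative DC before running anything like this, since every other DC's copy is overwritten from it.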

A couple of hours later, and the directory was syncing properly.

For more information, see the following Microsoft documents on “Authoritative and Non-authoritative Replications”.