Wondering how to force authoritative and non-authoritative synchronization for DFSR? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team use force authoritative and non-authoritative synchronization.

How to force authoritative and non-authoritative synchronization for DFSR?

Today, let us see the steps followed by our Support Techs in order to perform the task.

How to perform a non-authoritative synchronization of DFSR-replicated sysvol replication

1. In the ADSIEDIT.MSC tool, modify the following distinguished name (DN) value and attribute on each of the domain controllers (DCs) that you want to make non-authoritative:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>

msDFSR-Enabled=FALSE

2. Then, force Active Directory replication throughout the domain.

3. Next, run the following command from an elevated command prompt on the same servers that you set as non-authoritative:

DFSRDIAG POLLAD

4. You’ll see Event ID 4114 in the DFSR event log indicating sysvol replication is no longer being replicated.

5. On the same DN from Step 1, set msDFSR-Enabled=TRUE.

6. Then, force Active Directory replication throughout the domain.

7. Next, run the following command from an elevated command prompt on the same servers that you set as non-authoritative:

DFSRDIAG POLLAD

8. You’ll see Event ID 4614 and 4604 in the DFSR event log indicating sysvol replication has been initialized.

That domain controller has now done a D2 of sysvol replication.

How to perform an authoritative synchronization of DFSR-replicated sysvol replication

1. Firstly, Set the DFS Replication service Startup Type to Manual, and stop the service on all domain controllers in the domain.

2. In the ADSIEDIT.MSC tool, modify the following DN and two attributes on the domain controller you want to make authoritative.

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<the server name>,OU=Domain Controllers,DC=<domain>

msDFSR-Enabled=FALSE
msDFSR-options=1

3. Then, modify the following DN and single attribute on all other domain controllers in that domain:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<each other server name>,OU=Domain Controllers,DC=<domain>

msDFSR-Enabled=FALSE

4. Then, force Active Directory replication throughout the domain and validate its success on all DCs.

5. Next, start the DFSR service on the domain controller that was set as authoritative in Step 2.

6. You’ll see Event ID 4114 in the DFSR event log indicating sysvol replication is no longer being replicated.

7. Then, on the same DN from Step 1, set msDFSR-Enabled=TRUE.

8. Next, orce Active Directory replication throughout the domain and validate its success on all DCs.

9. Next, run the following command from an elevated command prompt on the same server that you set as authoritative:

DFSRDIAG POLLAD

10. Then, you’ll see Event ID 4602 in the DFSR event log indicating sysvol replication has been initialize.

That domain controller has now done a D4 of sysvol replication.

11. Next, start the DFSR service on the other non-authoritative DCs. You’ll see Event ID 4114 in the DFSR event log indicating sysvol replication is no longer being replicated on each of them.

12. Then, modify the following DN and single attribute on all other domain controllers in that domain:

CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=<each other server name>,OU=Domain Controllers,DC=<domain>

msDFSR-Enabled=TRUE

12. Run the following command from an elevate command prompt on all non-authoritative DCs.

DFSRDIAG POLLAD

13. Finally, return the DFSR service to its original Startup Type (Automatic) on all DCs.

[Looking for a solution to another query? We are just a click away.]

Conclusion

In brief, our skilled Support Engineers at Bobcares demonstrate how to force authoritative and non-authoritative synchronization for DFSR.