域服务器缺少 Sysvol 和 netlogon 共享的故障

原创

Robin0001 2021-04-12 16:09:51 博主文章分类：Windows ©著作权

文章标签 域控组策略无法同步 Sysvol 共享目录不存在 netlogon 共享目录不存在 文章分类 运维

©著作权归作者所有：来自51CTO博客作者Robin0001的原创作品，请联系作者获取转载授权，否则将追究法律责任

这个故障其实是比较简单的，但是刚开始走了很多弯路，导致花费的时间较长.

原故障为，加入域的从域服务器，缺少Sysvol 和netlogon 共享目录，无法变成全局编制的GC服务器

找了很多资料.

最后发现asdi 编辑器中DC01 缺少了 CN=DFSR-LocalSettings 以及目录下的，CN=SYSVOL Subscription

导致所有的AD服务器无法实现 DFS 目录的同步域服务器缺少 Sysvol 和 netlogon 共享的故障_netlogon 共享目录不存在

刚开始，想手动建，但是发现，手动无法建，后来查了很多谷歌资料，

此ldifde 命令，可以导出，还可以导入对应的文件，但是测试下来，发现，导入也是成功的，但是依旧无法工作

ldifde -d "CN=DFSR-LocalSettings,CN=DC02,OU=Doamin Controllers" -P subtree -o "uSNCreated,uSCNChanged,objectGuid,WhenCreated,WhenChanged" -f export-full.ldfldifde -i -k -f export-full.ldf
导入后，把 DC02 都改成DC01 ，然后尝试导入

ldifde -i -k -f export-full.ldf

最后找到了此链接

https://serverfault.com/questions/745599/deleted-domain-system-volume-how-do-i-recreate-it-i-have-no-backups

发现可以通过增加注册表方式重建 CN=DFSR-GlobalSettings

I ran into a similar situation and found this guide to be helpful. https://community.spiceworks.com/how_to/160786-how-to-re-build-sysvol-dfsr-replication-group-without-demoting-promoting-dc. It leverages processes used in the dcpromo operation to recreate the DFS replication group for the SYSVOL dirs.

Take a backup!
Stop the DFSR service on all DCs Make sure that all the existing DFS groups targeting the SYSVOL share are deleted on all DCs in DFS Management
Open ADSI Edit
If you don't see your domain listed in the left pane go to Action > Connect to.... You should see a window with some default connection info. For me the default information was correct so I clicked OK
Expand the tree for your domain and look for OU=Domain Controllers
Expand each Domain Controller and locate CN=DFSR-LocalSettings
Assuming you do not have any other DFS groups associated with these DCs delete everything in the CN=DFSR-LocalSettings folder
Go back to your domain in the left pane and locate CN=Systems > CN=DFSR-GlobalSettings and delete any subfolder that isn't an active DFS group. Please verify before deleting!
Force replication to all DCs. Run repadmin /syncall /AdeP on ALL DCs. Verify from AFSI Edit on the other DCs that the changes are visible.
Add the following registry entries on your primary DC substituting your AD domain name for <your ad domain>.

# Create the key below
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols
# Add the following DWORD32 entry
Sysvol Information is Committed=1

# Create the key below
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DFSR\Parameters\SysVols\Promoting SysVols\<your ad domian>
# Create the following DWORD32 entry
Is Primary=1
# Create the following string entries
Command=DcPromo
Parent Computer= 
Replicated Folder Name=<your ad domain>
Replicated Folder Root=C:\Windows\SYSVOL\Domain
Replicated Folder Root Set=C:\Windows\SYSVOL\sysvol\<your ad domain>
Replicated Folder Stage=C:\Windows\SYSVOL\staging areas\<your ad domain>
Replication Group Name=<your ad domain>
Replication Group Type=Domain

Sta

11. Start the DFSR service
12 . Force replication again repadmin /syncall /AdeP
13. Check for the DC in AFSI Edit on the primary DC for a CN=Domain System Volume entry under DFSR-LocalSettings. You should also see the DC under CN=System > CN=DFSR-GlobalSettings > CN=Domain System Volume > CN=Topology > CN=<your dc>
14 Check DFS Managment to see if it is working. A healthy DFS Managment view will look like this