Microsoft KB Archive/929266
Article ID: 929266
Article Last Modified on 1/19/2007
- Microsoft Windows Server 2003, Standard Edition (32-bit x86)
- Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
On a Microsoft Windows Server 2003-based domain controller, morphed folders appear in the following paths:
<FQDN> represents the fully qualified domain name (FQDN). Morphed folders are folders that have names that are in a FolderName_NTFRS_
<xxxxxxxx> pattern. In this folder,
<xxxxxxxx> represents eight random hexadecimal digits.
This problem occurs when one of the following conditions is true:
- You use the Group Policy Management Console (GPMC) to restore a Group Policy object (GPO) on a domain controller. In this GPO, either the Computer Configuration setting or the User Configuration setting is undefined. Then, you use Group Policy Object Editor to view the undefined GPO setting on two different domain controllers.
- You use Group Policy Object Editor to create a GPO on a domain controller. In this GPO, either the Computer Configuration setting or the User Configuration setting is undefined. Then, you use Group Policy Object Editor to view the undefined GPO setting on two different domain controllers.
The GPMC only backs up and restores the configurations that are defined. For example, when you restore a GPO that has the User Configuration setting defined, the folders that correspond to the Computer Configuration setting are deleted. Then, when you view the Computer Configuration setting of the GPO in Group Policy Object Editor, the corresponding folders are recreated if the folders are unavailable.
If you restore a GPO on one domain controller, and then view the GPO on two different domain controllers all within one File Replication Service (FRS) interval, morphed folders may appear in the SYSVOL Group Policy folder.
To avoid this problem, follow these recommendations:
- Recommendation 1
Do not use Group Policy Object Editor as a tool to test FRS replication.
- Recommendation 2
Perform GPO management tasks on a certain domain controller. For example, perform GPO management tasks on the primary domain controller (PDC) emulator only.
However, in some scenarios, you may have trouble logging on to the PDC emulator locally to manage the GPOs. In this situation, follow these steps:
- Configure Terminal Services on the PDC emulator.
- Log on to the PDC emulator in a terminal server session.
- Recommendation 3
In some scenarios, you cannot perform follow-up GPO management tasks on the PDC emulator. In this situation, you can view the GPO in Group Policy Object Editor immediately after you create a new GPO in the GPMC. Or you can view the GPO after you restore a GPO in the GPMC. This step recreates the deleted folders before you view the GPO from remote computers.
- Recommendation 4
Third-party GPO extensions require additional operations to make the GPMC recognize the extensions. For example, you can edit the GPOLayout.xml file of the GPMC according to the instructions of vendors. For more information about how to incorporate third-party GPO extensions into the GPMC backup, contact the vendor.
The %WINDIR%\SYSVOL\Sysvol\<FQDN>\Policies path that is described in the "Symptoms" section is a junction of the %WINDIR%\SYSVOL\Domain\Policies folder. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
319808 SYSVOL junction inherits NTFS permissions from the drive root
Operations that are on different replication members are likely to generate morphed folders. For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
328492 Folder name is changed to "FolderName_NTFRS_<xxxxxxxx>"
840675 Configuration and operational recommendations for the File Replication service in Windows Server 2003 and Windows 2000 Server
You may experience a problem even if you remotely try to edit the GPOs by connecting a Group Policy Object Editor Microsoft Management Console (MMC) snap-in to the PDC emulator. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
896669 When you use the Group Policy Object Editor on a computer that is running Windows Server 2003 or Windows XP to change GPOs on a remote domain controller, the changes do not take affect for a long time
Note the following details about the GPO restore process of the GPMC:
- The restore operation creates a MachineStaging folder and a UserStaging folder that are under the policy folder. By default, the policy folder is located in the following path:
- The GPMC restores policies from the backup files to the MachineStaging folder and the UserStaging folder by using the corresponding folder structure.
- The restore operation creates a MachineOld folder, a UserOld folder, and an AdmOld folder under the policy folder.
- A rollback is needed if the restore operation fails. Therefore, the restore operation backs up the existing content from the Machine folder and the User folder in the MachineOld folder and the UserOld folder.
- If the restored content in the MachineStaging folder and the UserStaging folder contains a folder that already exists in the Machine folder or the User folder, the existing folder is retained.
- If the backup does not contain a folder, the folder is not included in the MachineStaging folder or the UserStaging folder. Therefore, this folder is deleted under the Machine folder or the User folder in the finalization process. This is the step where previously existing folders, without GPO configuration content, may disappear after the GPMC restore.
- Finally, the existing files and folders in the Machine folder or in the User folder are overwritten. The Windows NT File Replication service (NTFRS) file GUIDs of these objects in the NTFRS Database are retained.
Note Both files and folders have NTFRS file GUIDs.
- If all these operations are successful, the following folders are removed:
Keywords: kbexpertiseinter kbtshoot kbprb KB929266