MORE INFORMATION

This section discusses how to move the SYSVOL tree from the C:\Winnt\Sysvol folder to the X:\Winnt\Sysvol folder. In this example, the domain controller is named DC1, and the domain name is CONTOSO.COM.

Use the Active Directory Installation Wizard to demote and to repromote the domain controller

1. Confirm that inbound and outbound replication is occurring for the Active Directory directory service and for the SYSVOL tree.
2. Use the Active Directory Installation Wizard to perform a network-based demotion of the DC1 domain controller. Restart DC1 immediately after the demotion.
3. Before you repromote DC1, wait for the following events to occur:
   • All domain controllers in the forest must inbound replicate the removal of the demoted domain controller's NTDS file system settings object. This object is located in the configuration partition. The NTDS settings object is the parent of Active Directory connection objects that are visible in the Active Directory Sites and Services snap-in.
   • All global catalog domain controllers in the forest must inbound replicate the read-only copy of DC1's domain partition.
4. Use the Active Directory Installation Wizard to specify a new drive and path on an NTFS-formatted partition.

Demotion and repromotion of a domain controller is a simple and supported option for relocating the SYSVOL tree and its shares if the following conditions are true:

• A small-to-medium number of objects exist in Active Directory.
• Local area network (LAN)-speed connectivity is available.
• Additional domain controllers are available in the affected Active Directory domain and Active Directory site.

However, network-based Active Directory Installation Wizard promotions in domains with multi-gigabyte Active Directory databases may take 2-7 days if network connectivity is slow. To avoid delays when you promote replica domain controllers that are running Windows Server 2003, you can perform installations from media-based promotions, where the bulk of Active Directory is sourced from a locally-restored system state backup.

To estimate the required time for a network-based promotion, compare the start and end times for a previous promotion that was comparable in scope. These times are available in the %Systemroot%\Debug\Dcpromo.log file.

Manually relocate an existing SYSVOL tree to a new location

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To manually relocate the SYSVOL tree, move the SYSVOL tree from its drive and path to a new destination drive and path by modifying several registry keys and by resetting reparse points in the file system. To do this, follow these steps:

1. Prepare your domain controller. To do this, follow these steps:
   1. Confirm that inbound and outbound Active Directory replication is occurring on the domain controller.
   2. Confirm that inbound and outbound FRS replication of the SYSVOL replica set is occurring on the domain controller.
   3. Turn off antivirus programs or other services that create locks on files or on folders that reside in the SYSVOL tree.
   4. Back up the system state of the domain controller. Back up the file system part of the SYSVOL tree on the domain controller so that you can return the computer to its current configuration if you experience problems with the relocation process.
   5. Stop the FRS.
2. Use Windows Explorer or an equivalent program to copy the original SYSVOL domain tree to the Clipboard.
   
   For example, if the SYSVOL domain tree is located in the C:\Winnt\Sysvol folder, click to select this folder, click Edit on the menu bar, and then click Copy.
3. Use Windows Explorer or an equivalent program to paste the contents of the Clipboard in the new path.
   
   For example, to move the SYSVOL tree to the X:\Winnt\Sysvol folder, click to select this folder, click Edit, and then click Paste.
   
   The parent folder for the relocated SYSVOL tree may be modified. However, we recommend that you maintain the same relative path for the relocated SYSVOL tree. For example, if the SYSVOL tree was originally located in the C:\Winnt\Sysvol folder and you want relocate the SYSVOL tree on logical drive X:, create a X:\Winnt folder, and then paste the SYSVOL tree in that folder.
4. Use the Ldp.exe or ADSIedit.msc editors to modify the value of the FRSRootPath attribute in Active Directory. The FRSRootPath attribute must reflect the new replica set root drive and the folder that you specified in step 3. In this example, you would modify the FRSRootPath attribute as follows:
   • DN Path: cn=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=DC1,OU=Domain Controller,DC=CONTOSO.COM
   • FRSRootPath Value: X:\Winnt\Sysvol\Domain
5. Use the Ldp.exe or ADSIedit.msc editors to modify the value for the FRSStagingPath attribute. This attribute must reflect the new staging path, including the new drive and folder that you selected in step 3.
   • DN path: cn=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions,CN=DC1,OU=Domain Controller,DC=CONTOSO.COM
   • FRSStagingPath Value: X:\Winnt\Sysvol\Staging\Domain
6. Modify the registry to reflect the new staging drive and folder. To do this, follow these steps.
   1. Click Start, click Run, type regedt32, and then click OK.
   2. Locate and then right-click the following registry subkey:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

   3. Right-click the SYSVOL value, and then clickModify.Type a new path for the SYSVOL replica set root. For example, type X:\Winnt\sysvol\sysvol.
7. Configure FRS to perform a non-authoritative restore of the SYSVOL replica set. To do this, follow these steps:
   1. Locate and then click the following registry subkey:

      \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

   2. Right-click the BurFlags value, and then click Modify. Set the value to D2 hexadecimal if there are other domain controllers in the same domain. Set the BurFlags value to D4 hexadecimal if only one domain controller exists in the domain.
      
      Important Do not restart FRS now.

   
   Note If the domain controller hosts any FRS-replicated DFS roots or links, you may want to set the replica set-specific BurFlags registry key to prevent a temporary service outage and re-replication of data in FRS-replicated DFS roots or links.
   
   For more information, click the following article number to view the article in the Microsoft Knowledge Base:

   290762 Using the BurFlags registry key to reinitialize file replication service replica sets

8. Apply default permissions to the new path of the SYSVOL tree. To do this, copy the following text, and then paste it in a Notepad file:

   [Unicode]
   Unicode=yes
   [Version]
   signature="$CHICAGO$"
   Revision=1
   [Profile Description]
   Description=default perms for sysvol
   [File Security]
   ;"%SystemRoot%\SYSVOL",0,"D:AR(A;OICI;FA;;;BA)"
   ;---------------------------------------------------------------------------------------------
   ;Sysvol.                        THIS ENVIRONMENT VARIABLE MUST BE SET!!!!!!!!!!!!!!!!!!!!!!!!!
   ;---------------------------------------------------------------------------------------------
   "%Sysvol%",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)"
   "%Sysvol%\domain\policies",2,"D:P(A;CIOI;GRGX;;;AU)(A;CIOI;GRGX;;;SO)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GA;;;CO)(A;CIOI;GRGWGXSD;;;PA)"

9. Use the following parameters to save the contents of the Notepad file that you created in step 8:
   • File name: %systemroot%\security\templates\sysvol.inf
   • Save as type: All Files
   • Encoding: Unicode

   
   
   

   Note The SYSVOL environment variable must be set to point to the new location. Otherwise, the Secedit command does not run successfully.
10. Import the SYSVOL security template. To do this, click Start, click Run, type cmd, and then click OK. Type the following, and then press ENTER:

    secedit /configure /cfg %systemroot%\security\templates\sysvol.inf /db %systemroot%\security\templates\sysvol.db /overwrite

11. Use the Linkd command to update the reparse points in the file system to reflect the new path of the SYSVOL tree. For example, if your domain controller is in the CONTOSO.COM domain, and the SYSVOL tree is located in the X:\Windows\Sysvol folder, type the following commands at the command prompt on your domain controller. Press ENTER after each command.

    linkd X:\Winnt\Sysvol\Sysvol\CONTOSO.COM X:\Winnt\Sysvol\Domain

    linkd X:\Winnt\Sysvol\Staging areas\CONTOSO.COM X:\Winnt\Sysvol\Staging\Domain

    Note Make sure that the SYSVOL directory tree is created before you run the Linkd command. The command fails if there is data in the CONTOSO.COM directory or subdirectories.
12. Restart FRS.

13. Look for events in the FRS event log that indicate that the replica set is joined and that the SYSVOL folder is changed. For example, you may see an event that is similar to the following:
    
    

    Event Type: Information
    Event Source: NtFrs
    Event Category: None
    Event ID: 13553
    Computer: Domain_controller_name
    Description: The File Replication Service successfully added this computer to the following replica set: "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"

    
    
    In the example that is used in this article, the event would include the following information:
    

    Computer DNS name is "DC1.CONTOSO.COM" Replica set member name is "DC1" Replica set root path is "x:\winnt\sysvol\domain" Replica staging path is "d:\winnt\sysvol\staging\domain" Replica working path is "c:\winnt\ntfrs\jet"

14. On the domain controller, use the net logon command or the net view command to verify that the domain controller has shared the Netlogon and Sysvol folders. If the shared folders do not exist, follow these steps:
    1. If the value for the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\Sysvolready registry subkey is 1, restart the Netlogon service. If this subkey value is 0, go to step c.
    2. Look for the shared folders again. If the folders are still not available, type the following at a command prompt, and then press ENTER:

       nltest /dbflag:2080FFFF

       
       

       Look for errors in the %Systemroot%\Debug\Netlogon.log file.
    3. If the value for the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\Sysvolready registry subkey is 0, do not set the registry value to 1. Review the FRS debug logs in the %Systemroot%\Debug folder to verify that inbound and outbound FRS replication is occurring.
15. Restart any services that you stopped in step 1c.