1

Hello,

I have two domain controllers on my network, however they are not replicating group policy objects between each other (active directory replication works fine)

Obviously the correct solution is to fix the replication problem, however I’m wondering if there is harm in manually copying the group policy objects in the sysvol on one server to the other (i.e.copy the folder with the guid from one sysvol to the other sysvol). Are there any gotchas that I would need to be aware of?

6 Spice ups
2

I had a similar problem with one of our client domains running Windows Server 2008 R2, but another tech fixed it, so I can’t tell you what our resolution was. What I can tell you is that when we tried the same thing you suggested, we had more replication problems than we had before the issue started. I’m pretty sure part of the solution involved blowing out the sysvol folder on the server that was having the replication problems, but I honestly don’t know because I did not implement the solution. Sorry!

3

How many DCs are we talking here overall? Replication problems usually stem from incorrect client DNS settings on the DCs themselves.

I’ll copy some text from one of my other posts

…to help facilitate a healthy AD environment and internal DNS in general - - take a look at this. Assuming your DCs are also your DNS servers (let’s assume you have three):

Server 1 IP: 192.168.0.1

  1. Primary DNS: 192.168.0.2

  2. Secondary DNS: 192.168.0.3

  3. Tertiary DNS: 127.0.0.1

Server 2 IP: 192.168.0.2

  1. Primary DNS: 192.168.0.3

  2. Secondary DNS: 192.168.0.1

  3. Tertiary DNS: 127.0.0.1

Server 3 IP: 192.168.0.3

  1. Primary DNS: 192.168.0.1

  2. Secondary DNS: 192.168.0.2

  3. Tertiary DNS: 127.0.0.1

1 Spice up
4

Manyally copying the group policy files will only fiz it temporarily because as soon as you add a new GPO it will not sync. You either fix the DNS/network issues or do a non authoritative restore of sysvol and if that doesn’t work do an authoritative restore of Sysvol.

5

Please run dcdiag and see what error messages you get. Also check eventlog for replication errors.

6

This is more likely to be an FRS database issue (or, if you have already upgraded your sysvol replication to DFSR, a DFSR database issue) than a DNS issue (as normal replicaton is working fine).

If this is the case, you should get an frsevent error in your DCDIAG and some warnings/errors in the FRS log with ID 13508 stating that the connection between DCs has been stopped (and none with 13509 stating that the connection has been restored).

If you’re lucky, a restart of the frs service ( on the out of date server will do the trick, otherwise you’ll need to do an authoritative restore: Use BurFlags to reinitialize File Replication Service (FRS) - Windows Server | Microsoft Learn

If you are using DFSR in stead of FRS, the idea is the same: ITPro Today: IT News, How-Tos, Trends, Case Studies, Career Tips, More

And if you don’t see anything in dcdiag or your event logs that points to there being a problem with FRS or DFSR, the output of dcdiag and dcdiag /test:dns should give you some more info about where to look.

7

OP did not state the level of functionality with replication - we need to get a response from him regarding dcdiag first before we can make this assumption.

8

Thank you. I’ll take a look at this next time I’m in the office.

We have two DC’s

9

I will give this a try, thanks.

10

What DC OS do you have? What is the Replication you use for your DCs and what is your Domain functional level?