Windows 2019: FRS to DFSR Migration

FRS to DFSR Migration Blog

This blog is a walk-through process of migration from File Replication Service to Distributed File System Replication.

If you have Windows server 2008 R2 Active Directory or later but you are still using FRS for sysvol replication then it is the time to get your environment upgraded to DFSR.

File Replication Service (FRS) started with Windows Server 2000. Microsoft used FRS to replicate SYSVOL. In Windows Server 2008, Distributed File System Replication (DFSR) was introduced for SYSVOL replication but there was not enforcement.

So, when you upgraded Active Directory FRS continued to work and you did. If you upgrade to Windows Server 2016 then you will come have to do some extra steps to coexist with FRS and DFSR.

Windows Server version 1709 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.

When you try to add a Windows Server version 1709-based server as a DC to the domain, you receive the following error message:

  • The specified domain %1 is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is deprecated.
  • The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.
  • You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.

https://support.microsoft.com/en-us/help/4025991/windows-server-version-1709-no-longer-supports-frs

So here we are doing FRS to DFSR migration.

Current Status

Let us check what is SYSVOL replication using today by running the following commands in the elevated command prompt;

dfsrmig /GetGlobalState

dfsrmig /GetMigrationState


What you need to focus on the result is the state mentioned Global state (‘Status’).

  • In most cases, you will see “START” as the state, you are running FRS and is required to perform the migration.
  • If you have “ELIMINATED” as the state, you don’t have to worry as it will be using DFSR.
  • In my customer already ran the 1st step.

Preparation

This is a very important stage as Active Directory should healthy. Do the following as prerequisite for the FRS to DFSR Migration.

  • Backup System State. Also check how to handle system state backup issue here.
  • Raise the domain/forest functional levels to windows 2008 R2.
  • Install all new windows updates.
  • Verify that the built-in Administrators group has the “Manage Auditing and Security Log” user right on all your domain controllers. Ensured the correct Security Policies were in place for on the Default Domain Controller GPO.
  • Ensure that replication for your entire organization is in a healthy state. For this, use an administrator command prompt to run the below commands;

        repadmin /syncall /AePdq

        repadmin /syncall /Aepdq


    repadmin /replsum – See if replication was run and you are shown with a minimum time (most recent time would be the time where you ran the above command)


    dcdiag /e /test:sysvolcheck /test:advertising – This will ensure that SYSVOL is advertised among all domain controllers without any issues


    • If you encounter any abnormal issues, don’t proceed. Fix It!

Migration

This involves migrating in a slow, phase by phase method where you will have the option to roll back. This is always preferred.

The migration will take you through migrating to 3 levels Prepared Stage, Redirected Stage, and Eliminated Stage;

Prepared State

  • Now you will migrate to the Prepared state, where both FRS and DFSR are replicating their own individual copies of SYSVOL, but the FRS copy mounts the SYSVOL and Netlogon shares. On the PDC Emulator domain controller, run (as an elevated domain admin):
  • dfsrmig /SetGlobalState 1


    Now you wait for this AD value on the PDCE to converge on all domain controllers, then for DFSR to switch to Prepared state on each domain controller and update AD, and finally for that value to replicate back to the PDCE. Use the following command to see progress:

    dfsrmig /GetMigrationState


    Run the following commands to manually invoke replication to each domain controllers

    repadmin /syncall /AePdq

    repadmin /syncall /Aepdq


    Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Prepared


    Also notice that you will have a new folder inside the NTDS for SYSVOL;


    Redirected State

  • Now you will migrate to the Redirected state, where both FRS and DFSR are replicating their own individual copies of SYSVOL, but the DFSR copy mounts the SYSVOL and Netlogon shares. On the PDC Emulator domain controller, run (as an elevated domain admin):

  • dfsrmig /SetGlobalState 2


        Now you wait for this AD value on the PDCE to converge on all domain controllers, then for DFSR to switch to Redirected state on each domain controller and update AD, and finally for that value to replicate back to the PDCE. Use the following command to see progress:

        dfsrmig /GetMigrationState


        Run the following commands to manually invoke replication to each domain controllers

    repadmin /syncall /AePdq

    repadmin /syncall /Aepdq


        Run the below command to view the status of the migration status again. Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Redirected

        dfsrmig /GetMigrationState


    Eliminated State

    Finally, you will migrate to the Eliminated state, where DFSR is replicating SYSVOL and FRS is removed. Unlike the Prepared and Redirected states, there is no way to go backwards from this step – once executed, FRS is permanently stopped and cannot be configured again. On the PDC Emulator domain controller, run (as an elevated domain admin):

    dfsrmig /SetGlobalState 3


        Now we wait for this AD value on the PDCE to converge on all domain controllers, then for DFSR to switch to Redirected state on each domain controller and update AD, and finally for that value to replicate back to the PDCE. Use the following command to see progress:

        dfsrmig /GetMigrationState


        Run the
    following commands to manually invoke replication to each domain controllers

    repadmin /syncall /AePdq

    repadmin /syncall /Aepdq

        After some time one of them was Eliminated and other was left.


    Now ran replication


    Once the migration is complete, you will receive the below message; Note that it says the state is now ‘Eliminated’


    We can also run the following command to trigger a sync with the global information store in Active Directory Domain Services

        DFSRDIAG POLLAD

    Event Viewer DFSR Events are added below







    We can also verify sysvol subscription in ADSIEDIT, msDFSR-Enabled should be TRUE

    CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,CN=DC02,OU=Domain Controllers,DC=doman,DC=local


    At this time FRS service gets disabled, which can be verified as well.


    FRS to DFSR Migration Blog ends here

    Prabhat Nigam

    Team at Golden Five Consulting


Leave Comment

Your email address will not be published. Required fields are marked *