# SYSVOL Migration to DFRS (1) Verify domain is 2008 or above (2) Verify there are no replication issues using **dcdiag** ### State 0: Start ``` dfsrmig /CreateGlobalObjects ``` Run commands below for each DC for verification: ``` dfsrdiag pollad /member:SERVERNAME // replace SERVERNAME with name of server to be polled ``` Check the migration state of the server ``` dfsrmig /GetMigrationState ``` ### State 1: Preparation ``` dfsrmig /SetGlobalState 1 ``` Replication can run on just the DFRS Global Settings ``` repadmin /replsingleobj * SERVERNAME "CN=DFSR-GlobalSettings, CN=System,DC=NAME,DC=local (or TLD)" ``` Verify **msDFR-Flags 16** is prepared ``` repadmin /showattr * "CN=DFSR-GlobalSettings,CN=System,DC=NAME,DC=local (or TLD)" /atts:msDFSR-Flags ``` {% hint style="info" %} If the above commands do not work, you can manually check using ADSI Edit {% endhint %} Run the command below on each DC to verify ``` dfsrdiag pollad /member:SERVERNAME ``` Replicate from the DC, verify there are no errors ``` repadmin /syncall /SAe SERVERNAME ``` Check the migration state ``` dfsrmig /GetMigrationState ``` {% hint style="info" %} NETLOGON and SYSVOL shares should still point to sysvol net share {% endhint %} ### State 2: Redirected ``` dfsrmig /SetGlobalState 2 ``` Run replication on just the DFRS Global Settings ``` repadmin /replsingleobj * SERVERNAME "CN=DFSR-GlobalSettings,CN=System,DC=NAME, DC=local (or TLD)" ``` Verfiy msDFR-Flags 32 is redirected ``` repadmin /showattr * "CN=DFSR-GlobalSettings,CN=System,DC=NAME,DC=local (or TLD)" /atts:msDFSR-Flags ``` {% hint style="info" %} If the commands above do not work, you can manually check by using ADSI Edit {% endhint %} Run the command below to verify for each DC ``` dfsrdiag pollad /member:SERVERNAME ``` Replicate from DC, verify there are no errors ``` repadmin /syncall /SAe SERVERNAME ``` Check the migration state ``` dfsrmig /GetMigrationState ``` {% hint style="info" %} If the above commands do not work, you can manually check using ADSI Edit {% endhint %} ### State 3: Eliminated ***This is irreversible - once you go to State 3, there is no going back!*** ``` dfsrmig /SetGlobalState 3 ``` Run the command below for each DC to verify ``` dfsrdiag pollad /member:SERVERNAME ``` Replicate from DC, verify there are no errors ``` repadmin /syncall /SAe SERVERNAME ``` Check the migration state ``` dfsrmig /GetMigrationState ``` {% hint style="info" %} NETLOGON and SYSVOL shares should now point to sysvol\_dfsr, and the previous sysvol directory should be deleted. {% endhint %} Verify msDFR-Flags 48 is eliminated ``` repadmin /showattr * "CN=DFSR-GlobalSettings,CN=System,DC=NAME,DC=local (or TLD)" /atts:msDFSR-Flags ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.bryanpcoleman.com/microsoft-windows/sysvol-migration-to-dfrs.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.