In most situations, only one or a few domain controllers (fewer than 50%) have replication issues at a given time. In that case, we can issue a non-authoritative replication request so that the system replicates SYSVOL from the PDC. To perform a non-authoritative replication, follow these steps:
- Back up the existing SYSVOL: This can be done by copying the SYSVOL folder from the domain controller that has DFS replication issues to a secure location.
- Log in to the DC as Domain Admin/Enterprise Admin.
- Launch the ADSIEDIT.MSC tool and connect to Default naming context.
- Browse to DC=domain,DC=local | OU=Domain Controllers | CN=(DC NAME) | CN=DFSR-LocalSettings | Domain System Volume | SYSVOL Subscription.
- Change the value of the attribute msDFSR-Enabled to FALSE.
- Force AD replication using:
repadmin /syncall /AdP
- Run the following to install the DFS management tools (unless they are already installed):
Add-WindowsFeature RSAT-DFS-Mgmt-Con
- Run the following command to update the DFSR global state:
dfsrdiag PollAD
- Search for event 4114 to confirm that SYSVOL replication is disabled:
Get-EventLog -Log "DFS Replication" | where {$_.eventID -eq 4114} | fl
- Change the attribute value of msDFSR-Enabled back to TRUE (step 5).
- Force AD replication as in step 6.
- Update the DFSR global state by running the command in step 8.
- Search for events 4614 and 4604 to confirm successful non-authoritative synchronization:
All the commands should be run from the domain controllers set as non-authoritative. This procedure is only recommended where fewer than 50% of domain controllers have DFS replication issues.
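The attribute toggle, forced replication and event checks from the steps above, combined into one PowerShell script. This is an added example, not part of the original page: it assumes the ActiveDirectory module is installed, the session is elevated on the affected domain controller, and SYSVOL has already been backed up; the function names and the timeout are hypothetical.

```powershell
# Added example (not from the original page): non-authoritative SYSVOL sync on this DC.
# Assumptions: ActiveDirectory module present, elevated session, SYSVOL backed up first.
Import-Module ActiveDirectory

$dcName = $env:COMPUTERNAME
# Build the DN of the SYSVOL Subscription object under this DC's computer object.
$dcDn   = (Get-ADComputer -Identity $dcName).DistinguishedName
$subDn  = "CN=SYSVOL Subscription,CN=Domain System Volume,CN=DFSR-LocalSettings,$dcDn"

function Set-SysvolSubscription([bool]$Enabled) {
    # Toggle msDFSR-Enabled on the local DC, then push the change and poll AD.
    Set-ADObject -Identity $subDn -Server $dcName -Replace @{ 'msDFSR-Enabled' = $Enabled }
    repadmin /syncall /AdP | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "repadmin /syncall failed with exit code $LASTEXITCODE" }
    dfsrdiag PollAD | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dfsrdiag PollAD failed with exit code $LASTEXITCODE" }
}

function Wait-DfsrEvent {
    # Block until every listed event ID has been logged after $After, or time out.
    param([int[]]$EventId, [datetime]$After, [int]$TimeoutSec = 900)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $found = @(Get-EventLog -LogName 'DFS Replication' -After $After -ErrorAction SilentlyContinue |
                   Where-Object { $EventId -contains $_.EventID } |
                   Select-Object -ExpandProperty EventID -Unique)
        if ($found.Count -eq $EventId.Count) { return }
        Start-Sleep -Seconds 15
    } while ((Get-Date) -lt $deadline)
    throw "Timed out waiting for DFSR event(s): $($EventId -join ', ')"
}

# Disable the subscription and wait for event 4114 (SYSVOL replication disabled).
$mark = Get-Date
Set-SysvolSubscription -Enabled $false
Wait-DfsrEvent -EventId 4114 -After $mark

# Re-enable it and wait for events 4614 and 4604 (non-authoritative sync completed).
$mark = Get-Date
Set-SysvolSubscription -Enabled $true
Wait-DfsrEvent -EventId 4614, 4604 -After $mark

Write-Output "Non-authoritative SYSVOL synchronization completed on $dcName"
```

Filtering events by a timestamp taken just before each change keeps older 4114, 4614 or 4604 entries from a previous repair attempt from being mistaken for the current result.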