Forum

AD kurulumu netlogo...
 
Bildirimler
Hepsini Temizle

AD kurulumu netlogon ve sysvol olusmadı

3 Yazılar
3 Üyeler
0 Reactions
1,366 Görüntüleme
(@vasviuysal)
Gönderiler: 7890
Üye
Konu başlatıcı
 

 


 


Merhabalar


 


Forumda yeniyim henuz uye oldum


makalelere google aramasi sonucu ulasmis favourits listemde idi bu site


Bir mustermizde kurulu olan AD server icin yeni bir makine alindi ikinci makineye 2003 Server kurulup AD ye dahil edilip uzerine AD kurulumu yapıldı fakat yeni kurulan server uzerinde netlogon ve sysvol paylasimlari otomnatik olarak olusmadi , digher serverdaki paylasim ve guvenlik haklarina bakarak manuel olusturdugum sysvol ve netlogon paylasimlari ise bir sure sonra kayboluyor , musterideki yapı yuzunden su an makinayi yeniden kurma sansimda yok , eski serveride bu yuzden AD den cikaramiyorum


buna benzer bir sorunla karsilasan yada cozum onerisinde bulunabilecek olan varmidir acaba


 


cevaplar icin simdiden tesekkurler

 
Gönderildi : 09/09/2008 15:34

(@ahmetaltuntas)
Gönderiler: 731
Prominent Member
 

The File Replication Service (FRS) is a
multi-threaded, multi-master replication engine that replaces the LMREPL
service in Microsoft Windows NT version 3.x and 4.0. Microsoft Window Server
2003-based domain controllers and servers use FRS to replicate system policy
and login scripts for Windows Server 2003-based clients and clients that are
running earlier versions of Windows.

FRS can also replicate content
between Windows Server 2003-based servers that are hosting the same
fault-tolerant DFS roots or child node replicas.

The information in
this article may be useful if your Window Server 2003-based domain controllers
are missing the SYSVOL and NETLOGON shares.

How to Troubleshoot Missing SYSVOL and NETLOGON Shares

Missing SYSVOL and NETLOGON shares typically occur on replica
domain controllers in an existing domain, but may also occur on the first
domain controller in a new domain. You following these steps with the replica
domain controllers, but you can also use them with the first domain controller
in the domain by ignoring the replication-specific steps.

  • NTDS Connection objects exist in the DS of each replication
    partner.

    NTDS Connections are one way connections. These connections
    are used by the Directory service to replicate the Active Directory and the
    File Replication Service (FRS) to replicate the file system portion of system
    policy in the SYSVOL folder. The Knowledge Consistency Checker (KCC) is
    responsible for building NTDS connection objects to form a well-connected
    topology between domain controllers in the domain and forest. If you do not
    have automatic connections, an administrator may also create manual connection
    objects.

    Use the "Sites and Services" (Dssite.msc) snap-in to
    examine the connection objects that exist between the problem computer and
    existing domain controllers. For replication to occur between computer \\M1 and
    \\M2, \\M1 must have an inbound connection object from \\M2, and \\M2 must have
    an inbound connection object from \\M1. Use the Connect to Domain Controller command
    in Dssites.msc to view and compare each domain
    controller's perspective of the intra-domain connection objects.

    If
    no connection objects exist for the new replica member, use the Check Replication Topology
    command in Dssites.msc to force KCC to build the automatic
    connection objects. After you do so, press F5 to refresh the view.

    If KCC cannot build automatic connections, administrators must build manual
    connection objects for domain controllers with no inbound or outbound
    connections to or from other domain controllers in the domain. KCC may
    successfully build the automatic connection objects if you build a single
    working manual connection object. Delete duplicate manual or automatic
    connections from the same domain controller in the domain to avoid a
    replication-blocking configuration.For additional
    information about this issue, click the article number below to view the
    article in the Microsoft Knowledge Base:


    251250
    NTFRS Event ID 13557 Is Recorded When Duplicate NTDS Connection Objects Exist

  • Active Directory replication occurs between the new and
    existing domain controllers in the domain.

    Use Repadmin.exe to
    confirm that Active Directory replication occurs between the source and
    destination domain controllers in the same domain in the scheduled replication
    interval. Default replication intervals are 5 minutes between domain
    controllers in the same site, and one time every 3 hours between domain
    controllers in different sites with a minimum of 15 minutes.

    REPADMIN /SHOWREPS %UPSTREAMCOMPUTER%

    REPADMIN /SHOWREPS %DOWNSTREAMCOMPUTER%

    FRS replication is dependent on the Active Directory to replicate
    the configuration information between domain controllers in the domain. If you
    think that replication is the problem, examine replication events in Event
    Viewer. Do so after you set the "replication events" entry in the following
    registry key to 5 on potential source computers (\\M1) and the destination computer
    (\\M2):

    HKEY_LOCAL_MACHINE\System\CCS\Services\NTDS\Diagnostics\

    After you set this entry, force replication from
    \\M1 to \\M2 and \\M2 to \\M1 by using the replicate now command in Dssites.msc or its
    equivalent command in
    REPLMON.

  • The server that is used to source the Active Directory and
    SYSVOL folder should have created NETLOGON and SYSVOL shares itself.

    After the Dcpromo.exe program has restarted the computer, FRS first tries to
    source the SYSVOL share from the computer that is identified in the following
    "Replica Set Parent" registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters\SysVol\
    DomainName

    NOTE: This key is temporary and is deleted after SYSVOL
    is sourced or
    the information under SYSVOL has been successfully replicated.

    The
    2195 release of Ntfrs.exe prevents replication from this initial source server.
    This delays SYSVOL replication until FRS can try replication from an inbound
    replication partner in the domain over an automatic or manual NTDS connection
    object.

    All potential source domain controllers in the domain
    typically have already shared the NETLOGON and SYSVOL shares and applied
    default domain and domain controllers policy.

    SYSVOL folder
    structure:

    • domain
      • DO_NOT_REMOVE_NtFrs_PreInstall_Directory
      • Policies
        • {GUID}
          • Adm
          • MACHINE
          • USER
        • {GUID}
          • Adm
          • MACHINE
          • USER
        • {etc.,}
        • scripts
        • staging
        • staging areas
        • MyDomainName.com
        • scripts
        • sysvol(sysvol share)
        • MyDomainName.com
        • DO_NOT_REMOVE_NtFrs_PreInstall_Directory
        • Policies
        • {GUID}
          • Adm
          • MACHINE
          • USER
        • {GUID}
          • Adm
          • MACHINE
          • USER
        • {etc.,}
      • scripts(NETLOGON
        share)

    For additional information
    about the problem of sourcing from the initial replica, click the article
    number below to view the article in the Microsoft Knowledge Base:

    250545 SYSVOL Directory
    Is Slow to Synchronize, Delays Creation of SYSVOL Share and Domain Controller Registration

  • The "Enterprise Domain Controllers" group must be granted
    the "access this computer from network" right in the default domain controllers
    policy on the domain controllers organizational unit.

    Replication of
    the Active Directory during the use of the Dcpromo.exe program uses the
    credentials that are provided in the Active Directory Installation Wizard. Upon
    restart, replication occurs in the context of the domain controller's computer
    account. All source domain controllers in the domain must successfully
    replicate and apply the policy that gives the "Enterprise Domain Controllers"
    group the "Access this computer from network right. For quick verification,
    look for event 1704s in the Application log of potential source domain
    controllers. For detailed verification, run a security configuration analysis
    against the Basicdc.inf template and examine the log output. Note that this
    requires defining environment variables for SYSVOL, DSLOG and DSIT.
    For additional information about how to do this, click the
    article number below to view the article in the Microsoft Knowledge Base:

    250454 Error Returned Importing
    Security Template

    In Windows Server 2003, the Basicdc.inf template no
    longer exists. To reapply the default settings or to compare current settings
    with the default settings, use the "Setup security.inf" template.

  • Each domain controller must
    be able to resolve (ping) the
    fully qualified computer names of computers that are participating in the
    replica set.

    For SYSVOL, this means pinging the fully qualified
    computer name of all domain controllers in the domain. Confirm that the address
    that is returned by the ping command matches the IP address that is returned by IPCONFIG
    at
    the console of each replica set partner.

  • The FRS service must have created an NTFRS jet
    database.

    Run the DIR \\computername\Admin$\NTFRS\Jet command
    against each domain controller in the domain to confirm
    the existence of the Ntfrs.jdb file. The date and size of the jet database may
    be incorrect while the NTFRS service is running. This behavior is by
    design.

  • Each domain controller must be a member of the SYSVOL
    replica set.

    Run the NTFRSUTL DS [computername] command on all
    replica set members. Confirm that all domain
    controllers in the domain show up under the "SET: DOMAIN SYSTEMVOLUME (SYSVOL
    SHARE)" portion of the NTFRSUTL output. The SYSVOL Replica set and its members
    can also be displayed under cn="domain system volume",cn=file replication
    service,cn=system,dc=FQDN in the User and Computers
    (Dsa.msc) snap-in when "Advanced Features" is turned on under the View menu.

  • Each domain controller must be a subscriber of the replica
    set.

    Run the NTFRSUTL DS [computername] command on all replica
    set members. Subscriber objects appear in
    cn=domain system volume (SYSVOL share),cn=NTFRS
    Subscriptions,CN=DCNAME,OU=Domain
    Controllers,DC=FQDN. This requires that the machine
    object exists and has replicated in. NTFRSUTL generates the following message
    when the subscriber object is missing:

    SUBSCRIPTION:
    NTFRS SUBSCRIPTIONS DN : cn=ntfrs
    subscriptions,cn=W2KPDC,ou=domain
    controllers,dc=d... Guid :
    5c44b60b-8f01-48c6-8604c630a695dcdd

    Working : f:\winnt\ntfrs
    Actual Working: f:\winnt\ntfrs
    WIN2K-PDC IS
    NOT A MEMBER OF A REPLICA SET!
  • The Replication Schedule must be turned on.
  • The
    logical drive that is hosting the SYSVOL share and
    staging folder has plenty of available disk space on upstream and downstream
    partners. For example, 50 percent of the content that you are trying to
    replicate and three times the largest file size that is being
    replicated.
  • Check the destination folder and the staging folder
    (displayed in "NTFRSUTL DS") of the new replica to see if files are
    replicating. Files in the staging folder must be in the process of being moved
    to the final location. That the number of files in the staging or destination
    folder is constantly changing is a good sign as either files are being
    replicated in, or transitioned to the destination folder.

 
Gönderildi : 09/09/2008 18:07

(@Sertac.Aydemir)
Gönderiler: 9
Active Member
 

Aynı sorun ile bende karşılaştım. anck bu makalede kontrol ediceklerinden bahsediyor ve hiçbir sorun gözükmüyor. çözüm için yardımlarınızı bekliyorum arkadaşlar.

 
Gönderildi : 08/08/2010 23:20

Paylaş: