Migrating SYSVOL AD Replication from FRS to DFS

The SYSVOL folder on any Active Directory domain controller stores Group Policies settings and templates, scripts, and other objects that the AD or GPO administrator placed there. And each domain controller has its own copy of GPOs, which over time is synchronized with other domain controllers in the domain. Replication is used to synchronize the contents of the SYSVOL directory between DCs, and replication is not provided by AD, but by using NtFRS (File Replication Service) or DFS-R service. Replication is multi-master, i.e. the source of change can be any domain controller. If changes occurred on multiple controllers, the last change will take precedence.

In Windows Server 2003 (and earlier), to replicate SYSVOL folder in the domain the FRS technology was used, but in Windows Server 2008 R2, this replication technology was deprecated and Microsoft recommends to use DFS replication, because FRS is not a reliable file replication technology.

In addition, you cannot add a new DC with Windows Server 2016 to the domain that the FRS service uses for replication of SYSVOL:

Windows Server version 1709 can no longer be added as an Active Directory domain controller (DC) to an existing domain that is still using File Replication Service (FRS) for replication of the SYSVOL share.


If you add a new DC with Windows Server 2008/2012 R2 to your Active Directory domain built on the Windows Server 2003, it still uses the File Replication service (NtFRS) for Group Policy replication.

You can switch to the DFS replication technology of the SYSVOL catalog in accordance with this article.

We will use the AD for Windows PowerShell module:

import-module activedirectory

First you need to check what type of replication is used in your domain. Check the current status with the command:

dfsrmig /getglobalstate

If this command returns “DFSR migration has not yet initialized. To start migration please set global state to desired value”, this means that the FRS to DFS migration has not yet been performed. Otherwise, a message will appear: “The current domain functional level is not Windows Server 2008 or above. DFSRMig is only supported on Windows Server 2008 or above level domains”. This means that you first need to upgrade your AD domain functional level to Windows Server 2008 or higher.


After you update the domain functional level, force a full replication of Active Directory partitions on each domain controllers using the Repadmin tool.

Repadmin /syncall /force /Aped

Check the replication and sysvol directory status:

repadmin /showrepl
Dcdiag /e /test:sysvolcheck /test:advertising

The migration process of replicating SYSVOL to DFS consists of 4 stages:

  • State 0: Start
  • State 1: Prepared
  • State 2: Redirected
  • State 3: Eliminated

Now let’s move on to the first phase of migration (global state: Prepared). Run the command:

dfsrmig /setGlobalState 1

And check the status of the domain controllers. All DC must be in Prepared state:

dfsrmig /getmigrationstate

dfsr migration has not yet initialized

After that, we proceed to the second phase—Redirected.

dfsrmig /setGlobalState 2

Similarly, make sure that all DCs are in the Redirected state with the command:

dfsrmig /getmigrationstate

Now go to the third phase—Eliminated (Warning. This state can not be canceled!).

dfsrmig /setGlobalState 3

Check the status with the command:

dfsrmig /getmigrationstate

Wait until the following text appears in the results:

All Domain Controllers have migrated successfully to Global state (‘Eliminated’).


Migration has reached a consistent state on all Domain Controllers.


As a result, the SYSVOL directory will be migrated to the SYSVOL_DFSR folder. Now for replication SYSVOL used the DFS service.

Check replication status with the Dcdiag:

Dcdiag /e /test:sysvolcheck
I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.