null

Смена репликации контроллеров домена c FRS на DFSR

Введение

Технология репликации File Replication Service(FRS) является устаревшей технологией репликации контроллеров домена SYSVOL, замененной на DFS Replication начиная с Windows Server 2008 R2.

Требуется уточнить текущую технологию репликации FRS или DFSR.

Описание

Для этого на контроллере домена необходимо проверить в  редакторе реестра наличие ключа HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState . Если ключ имеет значение отличное от 3 (ELIMINATED) используется FRS

Состояния миграции отображены в таблице ниже

State

Transition Process for Job Responsibilities

Migration Process for SYSVOL Replication

Start (State 0)

Before deciding to retire or leave, the employee handles all of the responsibilities of the job.

Before SYSVOL migration begins, FRS replicates the SYSVOL shared folder.

Prepared (State 1)

The first employee continues working while the new employee shadows the first employee, learning how to perform the work. The new employee may become responsible for some minor tasks, but the first employee remains accountable for the primary responsibilities of the job.

FRS continues to replicate the SYSVOL shared folder that the domain uses, while DFS Replication replicates a copy of the SYSVOL folder. This copy of the SYSVOL folder is not used to service requests from other domain controllers.

Redirected (State 2)

The new employee takes over most of the responsibilities of the job, but the first employee remains to assist the new employee if needed.

The DFS Replication copy of the SYSVOL folder becomes responsible for servicing SYSVOL requests from other domain controllers. FRS continues to replicate the original SYSVOL folder, but DFS Replication now replicates the production SYSVOL folder that domain controllers in the Redirected state use.

Eliminated (State 3)

The first employee retires or leaves, and the new employee handles all of the responsibilities of the job.

DFS Replication continues to handle all the SYSVOL replication. Windows deletes the original SYSVOL folder, and FRS no longer replicates SYSVOL data.

 

Исполнение

  1. На контроллере домена импортировать модуль для работы с ActiveDirectory
    PS C:\Users\tune-it> import-module activedirectory
    
  2. Выполнить перевод в состояние 1 Prepared утилитой Dfsrmig
    PS C:\Users\tune-it> dfsrmig.exe /setglobalstate 1
    
    Current DFSR global state: 'Start'
    New DFSR global state: 'Prepared'
    
    Migration will proceed to 'Prepared' state. DFSR service will
    copy the contents of SYSVOL to SYSVOL_DFSR
    folder.
    
    If any DC is unable to start migration then try manual polling.
    OR Run with option /CreateGlobalObjects.
    Migration can start anytime between 15 min to 1 hour.
    Succeeded.
    
    Now you wait for this AD value on the PDCE to converge on all domain controllers, then for DFSR to switch to Prepared state on each domain controller and update AD, and finally for that value to replicate back to the PDCE. Use the following command to see progress:
    
    
  3. Проверить перевод в состояние 2 Prepared с выводом 
    PS C:\Users\tune-it> dfsrmig /getmigrationstate
    
    All Domain Controllers have migrated successfully to Global state ('Prepared').
    Migration has reached a consistent state on all Domain Controllers.
    Succeeded.
    
    Вывод в ходе подготовки может быть подобным. необходимо дождаться завершения
    PS C:\Users\tune-it> dfsrmig /getmigrationstate
    
    The following Domain Controllers are not in sync with Global state ('Prepared'):
    
    Domain Controller (Local Migration State) - DC Type
    ===================================================
    
    AD_DC02 ('Start') - Writable DC
    AD_DC01 ('Start') - Primary DC
    AD_DC04 ('Start') - Writable DC
    
    Migration has not yet reached a consistent state on all Domain Controllers.
    State information might be stale due to AD latency.
    
  4. Выполнить перевод в состояние 2 Redirected утилитой Dfsrmig
    PS C:\Users\tune-it> dfsrmig.exe /setglobalstate 2
    
    Current DFSR global state: 'Prepared'
    New DFSR global state: 'Redirected'
    
    Migration will proceed to 'Redirected' state. The SYSVOL share
    will be changed to SYSVOL_DFSR folder,
    which is replicated using DFSR.
    
    Succeeded.
  5. Проверить перевод в состояние Redirected с выводом  dfsrmig /getmigrationstate
  6. Выполнить перевод в состояние 3 Eliminated с выводом
    PS C:\Users\tune-it> dfsrmig.exe /setglobalstate 3
    
    Current DFSR global state: 'Redirected'
    New DFSR global state: 'Eliminated'
    
    Migration will proceed to 'Eliminated' state. It is not possible
    to revert this step.
    
    If any RODC is stuck in the 'Eliminating' state for too long
    then run with option /DeleteRoNtfrsMembers.
    Succeeded.
  7. Проверить перевод в состояние 3 Eliminated с выводом
    PS C:\Users\tune-it> dfsrmig /getmigrationstate
    
    All Domain Controllers have migrated successfully to Global state ('Eliminated').
    Migration has reached a consistent state on all Domain Controllers.
    Succeeded.

     
  8. Проверить состояние утилитой DCDIAG
    PS C:\Users\tune-it> Dcdiag /e /test:sysvolcheck
    
    Directory Server Diagnosis
    
    Performing initial setup:
       Trying to find home server...
       Home Server = AD_DC01
       * Identified AD Forest.
       Done gathering initial info.
    
    Doing initial required tests
    
       Testing server: SpB\AD_DC02
          Starting test: Connectivity
             ......................... AD_DC02 passed test Connectivity
    
       Testing server: SpB\AD_DC01
          Starting test: Connectivity
             ......................... AD_DC01 passed test Connectivity
    
       Testing server: SpB\AD_DC04
          Starting test: Connectivity
             ......................... AD_DC04 passed test Connectivity
    
    Doing primary tests
    
       Testing server: SpB\AD_DC02
          Starting test: SysVolCheck
             ......................... AD_DC02 passed test SysVolCheck
    
       Testing server: SpB\AD_DC01
          Starting test: SysVolCheck
             ......................... AD_DC01 passed test SysVolCheck
    
       Testing server: SpB\AD_DC04
          Starting test: SysVolCheck
             ......................... AD_DC04 passed test SysVolCheck
    
    
    
    
       Running partition tests on : DomainDnsZones
    
       Running partition tests on : ForestDnsZones
    
       Running partition tests on : Schema
    
       Running partition tests on : Configuration
    
       Running partition tests on : tune-it.ru
    
       Running enterprise tests on : ad-test.tune-it.ru
    
    

После завершения необходимо проверить инастроить настройки репликации и топологию между контроллерами домена в оснастке Active Directory Sites and Services.