Tuesday, June 16, 2009

DFS-R Migration







In writing this blog I chose this topic of discussion due to the fact that a client of mine is migrating to a Windows 2008 Active Directory structure. In this forest many site exist where WAN links are unpredictable, slow with hi latency issues. Making this switch will only benefit the customers replication scheme and produce a better experience.


There's allot of reading material in this topic of discussion, but my attempt is to relay (hopefully the most obvious) topics of how and why we want to migrate too DFSR in its most condensed version.


Terminology:

File Replication Service (FRS): The method of replicating SYSVOL share data between Windows domain controllers. Used in Window 2k & Win2k3.

Distributed File System Replication(DFSR): The method of replicating SYSVOL share data between domain controllers in a Win2k8 Domain Functional Level domain.

Primary domain Controller: The domain controller hosting the PDC Emulator FSMO

Dfsrmig.exe: The utility to initiate state of operation in the domain to eventually migrate from FRS to DFSR (4 states of operation).



Why migrate to DFSR?

Efficient file replication
Available monitoring tools
Scheduling
Differential replication of changes

How?

All domain controllers must be Windows Server 2008 and Windows 2008 domain functional level must be specified.

Global States (See below) (States represent your migration path)

Start (0)

(FRS is primary replicating SYSVOL data)


Prepared (1)

(FRS is replicating SYSVOL data, but DFSR is incorporated to replicate FRS copied data to DFSR peers)


Redirected(2)

(DFSR is replicating SYSVOL data, but FRS is incorporated to replicate SYSVOL data to non DFSR peers)



Eliminated (3)

(DFSR is replicating SYSVOL data)



Task:

Verify the domain is at Windows Server 2008 Domain functional level.(All domain controllers must be Win2k8) In Active Directory Domains MMC, Right click the domain and select "Raise Domain Functional Level"

Backup the SYSVOL Share on the PRIMARY domain controller

Verify DFSR is installed and running on all domain controllers

A) Verify replication is working between all domain controllers
(Change your AD account web page attribute (or any attribute) and connect to all DC's and verify changes replicated)

B) Verify all domain controllers are sharing the SYSVOL share
Run \\servername (SYSVOL should be available)

** Run the example command on the PRIMARY domain controller in the domain. (Moving to the PREPARED STATE)
dfsrmig /setGlobalState 1

C) Force Active Directory replication on a domain controller
(‘repadmin /syncall /AeD’)

D) Force the DFS Replication service to poll Active Directory
(‘dfsrdiag PollAd /Member:DCNAME’)

E) Verify all domain controllers are in the PREPARED STATE


dfsrmig /GetMigrationState (Get local DC specific state)
(SYSVOL data & ACL is copied into the newly created ‘SYSVOL_DFSR’ folder)
(‘HKLM\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating SysVols\Local State’ will exist)

Check the event viewer for DFSR or FRS errors

At this state (PREPARED), FRS is still being utilized for SYSVOL replication and DFSR is being utilized for "SYSVOL_DFSR" folder content replication. If all indications appear normal I would suggest waiting a day or two between states.
All Active Directory information is primarily dependant of your environments replication. If any domain controller does not receive the PREPARED STATE information, investigate possible replication / connectivity issues. Do not move to the REDIRECTED state.

Special Note: dfsrmig /CreateGlobalObjects (In short, if the prepared state is initiated, then RODC "READ ONLY DOMAIN CONTROLLERS" are introduced before getting to the Eliminated state, this command must be run on each RODC)

Special Note: State rollback is possible but not when the ‘ELIMINATED’ state is initiated.

Special Note: dfsrmig /getGlobalState (Get the Primary domain controller AD value)

---------------------------------------------------------------

Moving forward, perform TASK item A & B before initiating the REDIRECTED state.

** Run dfsrmig /setGlobalState 2

Perform TASK item C & D

Verify all domain controllers are in the REDIRECTED STATE
** Run dfsrmig /GetMigrationState

Check the event viewer for DFSR or FRS errors

The SYSVOL share replication is now the ‘SYSVOL_DFSR’ folder making DFSR the primary replication mechanism.


NOTE: FRS is replicating SYSVOL content as well.

--------------------------------------------------------------------


Special Note: rollback is not possible when the ‘ELIMINATED’ state is initiated.

Moving forward, perform TASK item A & B before initiating the ELIMINATED state.

** Run the example command on the PRIMARY domain controller in the domain. (Moving to the ELIMINATED STATE)
dfsrmig /setGlobalState 3

Perform TASK item C & D

Verify all domain controllers are in the ELIMINATED STATE
dfsrmig /GetMigrationState (Get local DC specific state)

Check the event viewer for DFSR or FRS errors

DFSR is the only replicating mechanism for the SYSVOL share.
All newly introduced domain controllers will default to DFSR.


www.touchysoftwaresolutions.com















































Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)