Active Directory

What is Sysvol folder in Active Directory

Sysvol folder

Hello All,

Hope this post finds you in good health and spirit.

This article is related to Sysvol, replication and its folder structure.

Sysvol folder

Sysvol folder is a shared folder that store the group policies information along with login scripts or we can say its contain the public files of domain controllers and every domain users has rights to access the sysvol folder and its contents in read only mode.it store the GPT- group policy template that means group policy related information store in this folder, Not all the information but one part of group policy -GPT .

The default file location is C:\Windows\SYSVOL but it can be change during the DC setup.

C:\Windows\SYSVOL 

The SYSVOL folder can be accessed through its share \\domainname.com\sysvol or the local share name on the server \\servername\sysvol.

Sysvol Replication and why Sysvol is important?

Sysvol is an important component of Active Directory.
The Sysvol folder is shared on an NTFS volume on all the domain controllers in a particular domain. Sysvol is used to deliver the policy and logon scripts to domain members.it replicates all the group policies from one domain to another domain controllers in particular domain. Sysvol replication is happening by DFSR or FRS replication.

File Replication Service

FRS is a replication method with multiple masters and threads. This implies that changes can be made on any server that is a part of the replication set. It was originally made available in Windows 2000 to replace the LMREPL technology that had previously been utilised in NT3.x and 4 days. Although Server 2008R2 and above still support FRS It’s not really advised, and you should probably switch to using DFS-R instead.

Distributed File System – DFS-R

New domains built on Windows 2008 or later by default replicate their SYSVOL using DFS-R. The domain will continue to use FRS replication until it switches to DFS-R, but an upgrade from 2003 to 2008 or above won’t. You should adhere to the instructions listed here Jump if you’re interested in switching from FRS to DFS-R. As long as you precisely follow the instructions and don’t try to skip stages, it’s a rather painless exercise. DFS-R performs quite identically to FRS, and Microsoft was gracious enough to include some wonderful auto-healing features to address some of the problems .

SYSVOL Folder Structure

There are junction points, files, and directories in the SYSVOL folder. To share the appropriate directories with users and clients, SYSVOL essentially uses DFS. Let’s examine a typical SYSVOL folder.

We can see four folders: SYSVOL, domain, staging, and staging regions. We will focus on the domain and SYSVOL folders for the time being.

Sysvol
|____
| |____Policies
| |____Scripts
| |____ DO_NOT_REMOVE_NtFrs_PreInstall_Directory
| |____ NtFrs_PreExisting___See EventLog
|
|____Enterprise
| |____Policies
| |____Scripts
|
|____Staging
| |____Domain
| |____Enterprise
|
|____Staging Areas
| |____Enterprise (junction> = SysvolStagingEnterprise)
| |____Your Domain Name (junction> = SysvolStagingDomain)
|
|____Sysvol
| |____Enterprise (junction> = SysvolEnterprise)
| |____Your Domain Name (junction> = SysvolDomain)

Junction point

A junction point is an actual location on a hard drive that points to data that is stored on another storage device or elsewhere on the hard drive. Junction points have a folder-like appearance and behaviour, but they are not folders. A link to another folder can be found at a junction point. The junction point automatically leads a programme to the folder to which the junction point is linked when a programme accesses it.

You can also view this in command prompt by going to the SYSVOL folder and typing DIR. You’ll find some of the folders are presented as all are junction points when you do this. If you open a %systemroot%SYSVOLsysvol, it really opens the content in %systemroot%SYSVOLdomain.

%systemroot%SYSVOL\staging domain name pointing to %systemroot%SYSVOL\staging\domain

%systemroot%\SYSVOL\sysvol pointing to %systemroot%\SYSVOL\domain

Staging Folder

Every time you modify a GPO setting, the associated policy folder in SYSVOL is modified, and this change has to be replicated to additional replication members (domain controller). Changed files and folders are replicated to downstream partners in a queue that is represented by the staging folder.

The downstream partners use restoration APIs to recreate the staging files in the preinstall folder after FRS produces a file in the staging folder based on the modification and replicates it to them. The whole file is then transferred from the staging folder to the preinstall folder.

Scripts Folder

All of the login/logoff scripts used by the various policies are stored in the Script Folder.

Policies Folder

The Group Policy Templates folder will be created on the SYSVOL share under the policy folder and will include the group policy settings linked to the newly created Group Policy. The name of the GPT folder will be the Globally Unique Identifier (GUID) of the GPO that you created.

Preinstall folder

The DO NOT REMOVE NtFrs PreInstall Directory is everything that is contained in the preinstall folder. a file found below the replica root (Domain folder). The staging folder of the upstream partner is used to replicate files and folders. The target location in the replica tree is changed to the original name after the file or folder has been fully replicated. such that files that aren’t fully built are hidden in the replica tree.

Pre-existing folder

NtFrs PreExisting See EventLog, a pre-existing folder, is an option that is found beneath the replica root (Domain folder). It might not come with default access like other directories. One of the explanations listed below is most likely true if the pre-existing folder is present on a replica member.

Restoring Active Directory:
• SYSVOL D2 (also known as non-authoritative restore):
The server underwent pre-stageing before being incorporated into the replica set.

When replication is successfully completed, FRS typically copies any existing data in the replica tree to the pre-existing folder, gets the updated replica tree from one of the upstream partners, and then deletes the items in the pre-existing folder.

So, that’s all in this blog. I will meet you soon with some other stuff. Have a nice day !!!

So, that’s all in this blog. I will meet you soon with next stuff .Have a nice day !!!

Recommended contents

RODC Installation Guide- Step by step guide to install read only domain controller

RODC Filtered Attribute Set

Installing and configuring a RODC in Windows Server-2012

How to find the GUID of Domain Controller

Understanding Group Policy Preferences

Group Policy Verification Tool GPOTool Exe

Group Policy Health Check on Specific Domain Controller

What is Netlogon Folder in Active Directory

Create Custom Attributes in Active Directory

Check the Tombstone Lifetime of My Active Directory Forest

Determine a Computers AD Site From the Command Line

Check the Active Directory Database Integrity

Check the Active Directory Database Integrity

Disabling and Enabling the Outbound Replication

DFS Replication Service Stopped Replication

What is Strict Replication Consistency

The replication operation failed because of a schema mismatch between the servers involved

Troubleshooting ad replication error 8418 the replication operation failed because of a schema mismatch between the servers

How to export replication information in txt file

Repadmin Replsummary

Enabling the outbound replication

Guys please don’t forget to like and share the post.Also join our WindowsTechno Community and where you can post your queries/doubts and our experts will address them .

You can also share the feedback on below windows techno email id.

If you have any questions feel free to contact us on admin@windowstechno.com also follow us on facebook@windowstechno to get updates about new blog posts.

 

How useful was this post?

Click on a star to rate it!

As you found this post useful...

Follow us on social media!

Was this article helpful?
YesNo

Vipan Kumar

He is an Active Directory Engineer. He has been working in IT industry for more than 10 years. He is dedicated and enthusiastic information technology expert who always ready to resolve any technical problem. If you guys need any further help on subject matters, feel free to contact us on admin@windowstechno.com Please subscribe our Facebook page as well website for latest article. https://www.facebook.com/windowstechno
Back to top button