Sysvol and Netlogons folder is not created after FSMO role transfered to new DC

blog.payperitem.com,

If the SYSVOL and NETLOGON folders are not created on a domain controller after transferring FSMO roles (especially the PDC Emulator and Infrastructure Master), it usually indicates that SYSVOL replication (DFSR or FRS) did not initialize properly on the new DC. Here’s a detailed troubleshooting guide to fix this.

✅ 1. Check if the DC is properly promoted

Make sure the domain controller that received FSMO roles is fully promoted.

dcdiag /v /c /d /e > dcdiag.txt

Look for replication, DNS, and SYSVOL/NETLOGON registration issues.

✅ 2. Check SYSVOL share status

Run this on the affected DC:

net share

You should see:
  • NETLOGON (\<DCName>\NETLOGON)
  • SYSVOL (\<DCName>\SYSVOL)

If they are missing, it usually means the replication service hasn’t initialized or completed.

✅ 3. Check DFS Replication status (for DFSR environments)

Run:

fsrdiag pollad

Then:
repadmin /replsummary
repadmin /showrepl

And:

fsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /sendingmember:<SOURCE_DC> /receivingmember:<NEW_DC>

Also:

Get-DfsrReplicationGroup

If the replication group "Domain System Volume" is not initialized, that’s your issue.

✅ 4. Force SYSVOL Initialization (DFS-R)

If DFS-R was not initialized properly, you can use DFSRSYSVOL to manually trigger the process. Run this on the new DC:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating SysVols" -Name "Start" -Value 1

Or if starting fresh:

dfsrdiag PollAD

To create the SYSVOL folder and initialize it manually:
  1. Stop the DFSR service: stop dfsr
  2. Set the DC to be authoritative: cd "C:\System Volume Information\DFSR" del /f /q *
  3. Set authoritative restore flag: reg add "HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Parameters" /v "SysvolReady" /t REG_DWORD /d 1 /f
  4. Restart DFSR: net start dfsr
  5. Monitor Event Logs:
    • Look for Event ID 4602 in the DFSR log — this indicates SYSVOL is initialized.

✅ 5. Check if using FRS (legacy, deprecated)

On older domains (Windows Server 2008 era), FRS might still be used.

Check using:

ntfrsutl ds

If using FRS:
  1. Ensure the NTFRS service is running: net start ntfrs
  2. Force an initial sync:
  3. ntfrsutl forcerepl <DCName> <ReplicaSet> <PartnerDC>

✅ 6. Check SysvolReady Registry Key

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady"

If it returns 0, set it to 1:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady" -Value 1

Then restart Netlogon:
net stop netlogon
net start netlogon

✅ 7. Verify SYSVOL folder exists

Check:

C:\Windows\SYSVOL\domain
If empty or missing, replication didn't complete or start.

✅ 8. Restore from healthy DC (if needed)

If all else fails, you might need to demote and re-promote the DC, or force a non-authoritative/authoritative sync from a known good DC.

Active Directory Server 2025 Windows

Related Posts

Deep insight knowledge of lansweeper

Lansweeper is a popular network management and IT asset discovery tool used by organizations to manage their IT infrastructure more effectively. It provides capabilities for network scanning, asset management, reporting, and troubleshooting. Below is a deep dive into its functionalities, features, and best practices for deploying and utilizing Lansweeper in…

Read More

RADIUS server on Active Directory

To configure a RADIUS server on Active Directory, you typically use Network Policy Server (NPS), which is Microsoft’s implementation of a RADIUS server and proxy. It integrates tightly with Active Directory to authenticate, authorize, and account (AAA) for network access requests (e.g., VPN, Wi-Fi, 802.1X switch ports, etc.). Here’s a…

Read More