Sysvol and Netlogons folder is not created after FSMO role transfered to new DC

blog.payperitem.com,

If the SYSVOL and NETLOGON folders are not created on a domain controller after transferring FSMO roles (especially the PDC Emulator and Infrastructure Master), it usually indicates that SYSVOL replication (DFSR or FRS) did not initialize properly on the new DC. Here’s a detailed troubleshooting guide to fix this.

✅ 1. Check if the DC is properly promoted

Make sure the domain controller that received FSMO roles is fully promoted.

dcdiag /v /c /d /e > dcdiag.txt

Look for replication, DNS, and SYSVOL/NETLOGON registration issues.

✅ 2. Check SYSVOL share status

Run this on the affected DC:

net share

You should see:
  • NETLOGON (\<DCName>\NETLOGON)
  • SYSVOL (\<DCName>\SYSVOL)

If they are missing, it usually means the replication service hasn’t initialized or completed.

✅ 3. Check DFS Replication status (for DFSR environments)

Run:

fsrdiag pollad

Then:
repadmin /replsummary
repadmin /showrepl

And:

fsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /sendingmember:<SOURCE_DC> /receivingmember:<NEW_DC>

Also:

Get-DfsrReplicationGroup

If the replication group "Domain System Volume" is not initialized, that’s your issue.

✅ 4. Force SYSVOL Initialization (DFS-R)

If DFS-R was not initialized properly, you can use DFSRSYSVOL to manually trigger the process. Run this on the new DC:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating SysVols" -Name "Start" -Value 1

Or if starting fresh:

dfsrdiag PollAD

To create the SYSVOL folder and initialize it manually:
  1. Stop the DFSR service: stop dfsr
  2. Set the DC to be authoritative: cd "C:\System Volume Information\DFSR" del /f /q *
  3. Set authoritative restore flag: reg add "HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Parameters" /v "SysvolReady" /t REG_DWORD /d 1 /f
  4. Restart DFSR: net start dfsr
  5. Monitor Event Logs:
    • Look for Event ID 4602 in the DFSR log — this indicates SYSVOL is initialized.

✅ 5. Check if using FRS (legacy, deprecated)

On older domains (Windows Server 2008 era), FRS might still be used.

Check using:

ntfrsutl ds

If using FRS:
  1. Ensure the NTFRS service is running: net start ntfrs
  2. Force an initial sync:
  3. ntfrsutl forcerepl <DCName> <ReplicaSet> <PartnerDC>

✅ 6. Check SysvolReady Registry Key

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady"

If it returns 0, set it to 1:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady" -Value 1

Then restart Netlogon:
net stop netlogon
net start netlogon

✅ 7. Verify SYSVOL folder exists

Check:

C:\Windows\SYSVOL\domain
If empty or missing, replication didn't complete or start.

✅ 8. Restore from healthy DC (if needed)

If all else fails, you might need to demote and re-promote the DC, or force a non-authoritative/authoritative sync from a known good DC.

Active Directory Server 2025 Windows

Related Posts

Windows

Windows Answer File Generator

Windows Answer File Generator (WAFG) is a simple website that provides similar functions to Windows System Image Manager (SIM). Windows System Image Manager is the tool used to create an unattended Windows Setup answer file. Windows AFG, however, does not need the Windows Automated Installation Kit or Windows Assessment and Deployment Kit to be installed…

Read More