Accidental deletion of Sysvol folder

More info Click here

The term SYSVOL refers to a set of files and folders that reside on the local hard disk of each domain controller in a domain and that are replicated by the File Replication service (FRS). Network clients access the contents of the SYSVOL tree by using the following shared folders:


Difference between Authoritative and Non-Authoritative restore of Active Directory

Non-Authoritative : Non-Authoritative method will restore an active directory to the server in which the restore is being done and will then receive all of the recent updates from its replication partners in the domain.

Authoritative : Authoritative method restores the DC directory to the state that it was in when the backup was made, then overwrites all the other DC’s to match the restored DC.

Restore process


You have to stop the NT File Replication Service (NTFRS) service, and then set the startup type for NTFRS to Manual on the domain controller where you want to perform the non-authoritative restore. This prevents the service from starting unintentionally while this operation is performed.

To force a non-authoritative restore of the data in the Sysvol folder on a domain controller, follow these steps.

Start a command prompt. To do this, click Start, click Run, type cmd, and then click OK.

  1. At the command prompt, type net stop ntfrs, and then press ENTER.
  2. Click Start, click Run, type services.msc, and then click OK.
  3. In the Services snap-in, double-click File Replication, click Manual under Startup Type, click Apply, and then click OK.
  4. Click Start, click Run, type regedit, and then click OK.
  5. Locate and then click the BurFlags value under the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  6. IF the key that is mentioned in step 6 does not exist, create it. To do this, click Edit, click New, click DWORD Value, type BurFlags, and then click OK.
  7. In the right pane, right-click BurFlags, click Modify, In the Edit DWORD Value dialog box, type D2 to complete a nonauthoritative restore or type D4 to complete an authoritativerestore, and then click OK.
  8. Locate and then expand the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Sysvol Seeding\Domain System Volume (Sysvol share)
    Note: If this registry entry does not exist, you must create it.
  9. On the Edit menu, click New, click String Value, type Replica Set Parent, and then clickOK.
  10. In the right pane, right-click Replica Set Parent, click Modify, type the name of a domain controller that has the Sysvol data that you want to replicate in the Value data box, and then click OK.
  11. Quit Registry Editor.
  12. At a command prompt, type net start ntfrs, and then press ENTER.
  13. Click Start, click Run, type services.msc, and then click OK.
  14. In the Services snap-in, double-click File Replication, click Automatic under Startup Type, click Apply, and then click OK.




Author: MStechJi

IT professional with 8.5 years of experience in providing Remote Infrastructure Support in Windows Server environment including MS Azure. Intent to increase my knowledge and experience and share some tips and tricks I’ve learnt along the way.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s