In our first post in this series, we examined the SYSVOL migration process and understood how things work at a high level during the process of migration of the SYSVOL share from the FRS service to the DFS Replication service. Windows Server 2008 includes a command line tool called dfsrmig.exe which can be used by administrators to control the process of migrating replication of the SYSVOL share from FRS to the DFS Replication service. In this post, we take a closer look at this tool. The following posts in this series will explain how to migrate replication to each of the migration states in greater detail.
The DFS Replication service’s migration tool (dfsrmig.exe) is installed along with the DFS Replication service. This tool can be executed on any domain controller, however, any operations which perform AD object creation/manipulation tasks are only allowed on Read-Write capable domain controllers (not on RODCs). An example of such tasks is the creation/deletion of both FRS and DFSR global settings required for replication activity. In such cases, the tool will always try to connect to the Primary Domain Controller’s Active Directory for processing migration related directives, and will fail if it is unable to reach the Primary Domain Controller’s Active Directory.
Pre-requisites for running the tool
The dfsrmig.exe tool is supported only on domain controllers which are running in the Windows Server 2008 domain functional level. This is because SYSVOL migration from FRS replication to the DFS Replication service is possible only on domain controllers operating in the Windows Server 2008 domain functional level.
If the dfsrmig.exe tool is executed on domain controllers which are not running in Windows Server 2008 domain functional level, the error illustrated below is displayed.
Now, let’s take a look at the command line options for the dfsrmig.exe tool. At any point, help pertaining to the command line options for the dfsrmig.exe tool can be obtained by typing ‘dfsrmig /?’ on the command prompt.
Common command line switches
These are the set of command line switches which will be used frequently during the migration process. For the most part, the remaining command line switches (called Auxiliary/Optional switches) should not be required during the course of a typical migration process.
a) SetGlobalState
Format: dfsrmig /SetGlobalState [State]
- ‘State’ corresponds to the global migration state that the administrator intends to set for the domain.
This command line switch can be used to initiate and control the migration procedure by setting the migration global state (explained in this post ) in Active Directory on the Primary Domain Controller. The value set for the migration global state drives the process of SYSVOL migration.
Active Directory replication enables the value of the global migration state to be replicated to the individual domain controllers in the domain. When the DFS Replication service on any of these individual domain controllers polls its Active Directory for configuration information, it notices the migration directive (value of the global migration state) and then takes steps locally to match its local migration state with the currently configured global migration state.
If the Primary domain controller is not available, this command fails. Since this command line switch is used to set the global migration state for the domain, the only permissible parameters to this switch are the global migration states detailed below.
|
Global Migration States |
|
|
0 |
‘START’ state |
|
1 |
‘PREPARED’ state |
|
2 |
‘REDIRECTED’ state |
|
3 |
‘ELIMINATED’ state |
NOTE: The important thing to note is that since AD replication is what causes the global migration state to be propagated to each individual domain controller, there will be latencies associated with AD replication before this global state value is ‘visible’ on all domain controllers in the domain.
b) GetGlobalState
Format: dfsrmig /GetGlobalState
This command retrieves the current global migration state for the domain from the Primary Domain Controller’s Active Directory. Once the global migration state has been set, an administrator can use this command line switch on the primary domain controller to confirm that the correct global migration state has been set.
Since this command line switch is used to retrieve the global migration state for the domain, the results obtained correspond to any of the global migration states defined in the table above.
NOTE: Since AD replication causes the global migration state to be replicated to the replica domain controllers in the domain, for consistent results, it is recommended to run this command only on the primary domain controller. To check the status of each individual domain controller, it is recommended to use the ‘/GetMigrationState’ command line switch instead.
c) GetMigrationState
Format: dfsrmig /GetMigrationState
This command retrieves local migration state related information from all the domain controllers and matches it with the current global migration state that has been set for the domain on the primary domain controller. It then proceeds to summarize the results and displays whether migration is complete or pending on all domain controllers. It also mentions which domain controllers in the domain have not yet reached the global migration state set for the domain and specifies the local migration state those domain controllers are currently in.
When all domain controllers have not yet reached the global migration state, the following kind of output is displayed.
Auxiliary/Optional command line switches
These command line switches are not required during the course of a regular migration procedure from the FRS service to the DFS Replication service. However, there are some exceptional circumstances which are described below in which these command line switches come in handy for domain administrators performing SYSVOL migration. These command line options are for the most part applicable only to read only domain controllers.
d) CreateGlobalObjects
Format: dfsrmig /CreateGlobalObjects
This command line switch is useful for creating the DFS Replication service’s global settings in Active Directory manually. Usually, it is not necessary for the administrator to run this command manually since these actions are automatically performed by the DFSR Replication service when it migrates from the ‘START’ state to the ‘PREPARED’ state.
Situations where this command line switch comes in handy are:
i. New RODC Promotion during migration: Consider that a new RODC (Read Only Domain Controller) is promoted when the domain is in global migration state 1 or 2. On a Read Only domain controller, no Active Directory changes can be made since, quite simply, the domain controller is designated Read-only. Therefore, all active directory changes required for SYSVOL migration such as creating the DFS Replication service’s global settings for replicating the SYSVOL folder are made on the Primary Domain Controller in case of RODCs. These global settings contain information required by the DFS Replication service in order to replicate the SYSVOL folder’s contents between its peer domain controllers and in the absence of these settings replication activity will be stuck without progress.
The DFS Replication service automatically performs this operation (creation of global settings for the RODC) at the time of migrating from the ‘START’ state to the ‘PREPARED’ state. However, after this state transition is complete, if any new RODCs are promoted in the domain before the end to end migration process is completed (i.e. before ‘ELIMINATED’ state is reached), then the objects corresponding to that newly added read only domain controller are not added in Active Directory. In this sort of situation, the administrator needs to manually create the DFS Replication service’s global settings for the Read Only Domain Controller using this command line switch. When this command line switch is executed, settings will be created only for those read only domain controllers which do not already have them – i.e. it will not affect the domain controllers which already have the DFS Replication service’s global settings.
ii. Missing/Deleted DFS Replication service’s global settings: If the DFS Replication service’s global settings are missing for a particular domain controller, then migration will be stuck in the intermediate migration state ‘PREPARING’ without progressing to the ‘PREPARED’ state. In such cases, this command line switch can be used to manually create the DFS Replication service’s global settings.
NOTE: Since the DFS Replication service’s global settings are created on the Primary Domain Controller in case of Read Only Domain Controllers, it will take some time for these settings to be visible on the RODC. This is because these newly created settings need to replicate from the Active Directory of the Primary Domain Controller to the RODC in question, before the DFS Replication service on the RODC is able to see and consume these settings. Therefore, it is important to consider AD replication latencies when waiting for the newly created DFS Replication service’s global settings to show up on the RODC.
Following blog posts in this series will explain the DFS Replication service’s global settings in detail so administrators know what to look for.
e) DeleteRoNtfrsMember
Format: dfsrmig /DeleteRoNtfrsMember [ Optional: RODC_Name]
- RODC_Name: Name of the Read Only Domain Controller whose FRS global settings are to be deleted.
This command line switch should also not be required in the course of a regular migration sequence. This command line switch is used in order to delete the FRS replication related global settings from Active Directory. This logic is also performed automatically by DFS Replication service during the transition from the ‘REDIRECTED’ state to the ‘ELIMINATED’ state. Since Read Only Domain Controllers cannot delete the FRS related global settings from their own Active Directory, this operation needs to be performed by the Primary Domain Controller in its Active Directory. When these changes eventually replicate in to the Read Only Domain Controller (after applicable AD Replication latencies), the DFS Replication service on the RODC is able to proceed with the process of migration.
For the most part, this automatic deletion of the FRS global settings on the Primary Domain Controller should be sufficient to handle all scenarios and migration should continue seamlessly. However, in the rare event that the automatic deletion failed for some reason, the system administrator needs to run this command manually. This command need only be run if the Read Only Domain controller is found to be stuck in the intermediate ‘ELIMINATING’ migration state for a long period of time without showing any signs of progress in migration.
If this command is run without any parameter, the FRS global settings for all RODCs are deleted. The administrator can also explicitly pass in the name of the RODC whose FRS global settings are to be deleted.
f) DeleteRoDfsrMember
Format: dfsrmig /DeleteRoDfsrMember [ Optional: RODC_Name]
- RODC_Name: Name of the Read Only Domain Controller whose DFSR global settings are to be deleted.
This command line switch should also not be required in the course of a regular migration sequence. It is used in order to delete the DFS Replication service’s global settings from Active Directory. This logic is performed automatically by the DFS Replication service during the transition from the ‘PREPARED’ state to the ‘START’ state. Thus, this applies only in case of situations where replication is being rolled back from the ‘PREPARED’ state to the ‘START’ state. On Read Only Domain Controllers, since the DFS Replication service’s global settings cannot be deleted in Active Directory, this operation needs to be performed in the by the Primary Domain Controller in its Active Directory. When these changes eventually replicate in to the Read Only Domain Controller (after applicable AD Replication latencies), the DFS Replication service on the RODC is able to proceed with the rollback process.
For the most part, this automatic deletion of the DFS Replication service’s global settings on the Primary Domain Controller should be sufficient to handle all scenarios and migration (rollback) should continue seamlessly. However, in the rare event that the automatic deletion failed for some reason, the system administrator needs to run this command manually. This command need only be run if the Read Only Domain Controller is found to be stuck in the intermediate ‘UNDO_PREPARING’ migration state for a long period of time without showing any visible signs of progress in rollback.
If this command is run without any parameter, the DFS Replication service’s global settings for all RODCs are deleted. The administrator can also explicitly pass in the name of the RODC whose DFS Replication service settings are to be deleted.
Read the Next article on SYSVOL Migration Series >>
More articles on SYSVOL Migration Series:
1:
SYSVOL Migration Series: Part 1 – Introduction to the SYSVOL migration process
3:
SYSVOL Migration Series: Part 3 – Migrating to the ‘PREPARED’ state
4:
SYSVOL Migration Series: Part 4 – Migrating to the ‘REDIRECTED’ state
5:
SYSVOL Migration Series: Part 5 – Migrating to the ‘ELIMINATED’ state
-------
