I just posted a new article to the GP Team blog on how to fix SYSVOL and Default Domain policies. Have to say its not pretty if youre in that situation, especially in the SYSVOL failure space. I briefly discussed at the end of that article to not use that SYSVOL practise should you have DFS-R replicating the SYSVOL. How do you do this in the first place?? Heres quite a good discussion on it. It also gives you some insight into recovery, which I dont believe we have published any guidance into as yet.
To save you time, heres what I wrote there so you dont have to click links around…
“…We have stated a number of times through a number of forums that its not a great practice to muck around with the Default Domain Policy and the Default Domain Controllers Policy. In fact its actually a really bad practice…same goes with the SYSVOL. Just dont screw around with it.
We recommend if you want to apply policy specifically at the domain level or to your DC’s that you create your own policies and put them side by side and dont touch the preexisting ones.
So what happens if you have done this and now want to restore the default policies back?
Theres a tool called DCGPOFix. All this does is restore the Default GPO’s back to their defaults. For Windows 2000 you can download it. For Windows Server 2003 and 2008 its built in – so dont download and install the older one. There are a couple of issues here and here that you need to be aware of.
What happens if Ive trashed SYSVOL?
To (basically) recreate SYSVOL:
1. The best idea is to recreate it from another DC – like this article says.
Err…my SYSVOL is a little more trashed than that??
Im sorry to hear that. Heres the advanced Information to recreate SYSVOL.
If that basic guide doesnt work properly or you dont have a DC to get it from, you will need to do a manual recreation. This isnt easy and is considered last resort information. Heres the guide for it. Essentially this will follow you through a manual step by step guide on how to setup everything in it and get FRS working again. Note that this is FRS, not the newer DFS-R replicator. If you are using DFS-R to replicate SYSVOL – DO NOT use this method as you will likely wreck your SYSVOL. Once it has been switched it has to stay that way….”