Non-authoritative SYSVOL restore (FRS)


When you work in an Active Directory environment you may run into this problem, especially if you have many Domain Controllers: one or more Domain Controllers are out of date with SYSVOL replication.

Each Domain Controller has its own folder where GPOs and scripts are saved. This folder is located under %WINDIR%\SYSVOL\domain (by default; if you changed that location during DC promotion, you need to refer to your own location).

There are 2 folders:

  • Policies where Group Policies are saved (%WINDIR%\SYSVOL\domain\Policies)
  • Scripts where logon scripts or other files are saved (%WINDIR%\SYSVOL\domain\Scripts, shared as NETLOGON)

If a DC does not replicate SYSVOL, you can see that some Group Policies (GPOs) or scripts are missing from the SYSVOL\domain folder on that particular DC. Another symptom may be that all GPOs are in place but they are not updated.

When you notice one of these behaviors, you need to do a non-authoritative SYSVOL restore, which re-deploys SYSVOL data from a working Domain Controller (the one holding the PDC Emulator operations master role).

How can you be sure that you need a non-authoritative SYSVOL restore? There is no simple answer, because that depends on the size of your Active Directory and the number of Domain Controllers.

When can you decide to start this kind of restore?

  • one DC out of couple does not replicate SYSVOL
  • a few DCs out of many do not replicate SYSVOL
  • more than few but less than 50% of them do not replicate SYSVOL

The examples above are typical scenarios for a non-authoritative SYSVOL restore.

Let’s see how to do that.

First of all, you need to find out which DC or DCs do not replicate SYSVOL. Then you have to start the SYSVOL restore.

When you see an empty SYSVOL, this may suggest that Domain Controller initialization was not finished after the server was promoted. The Active Directory database was replicated but SYSVOL was not. In this case, you can simply perform a non-authoritative restore and SYSVOL should be replicated.

Empty SYSVOL folder


Another case is when a DC is not up to date with SYSVOL. Some policies are missing, and a non-authoritative SYSVOL restore would be helpful.

Missing Group Policies under SYSVOL


When you log on to the Domain Controller with the PDC Emulator operations master role, you should see that there are more policies than on those faulty Domain Controllers.

All Group Policies on DC with PDC Emulator role

So, you can see that those Domain Controllers need SYSVOL restore to have all data up-to-date.

Now it’s time for the non-authoritative SYSVOL restore. Log on to the DC which is out of replication with SYSVOL and stop the File Replication Service (NtFRS) from an elevated command line. Type

net stop ntfrs

Stopping File Replication Service

Now you need to change a setting in the Windows registry.

Warning! Be careful: do not change any entries other than those shown in this article, or you may destroy your server!

Open Registry Editor from the Run box

Executing registry editor


Now you need to find the key below:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup

BurFlags value location

and change the BurFlags value from 0 to D2 (hexadecimal) by editing it

Changing BurFlags value


Before you start the FRS service, I would suggest removing all content from these 2 folders

  • %WINDIR%\SYSVOL\domain\Policies
  • %WINDIR%\SYSVOL\domain\Scripts

Note! These are the default paths; if you changed the SYSVOL location during DC promotion, you need to refer to your own location.

Warning! When you set the D2 BurFlags value, you need to know that during the restoration your DC is prevented from acting as a Domain Controller! So you need to be careful in locations/Sites where you have only a single DC, or where clients would have to authenticate over a WAN link!

Now it’s time to start the File Replication Service. Type in the command line

net start ntfrs

Running File Replication Service

When you refresh Registry Editor (F5 key), you should see that the BurFlags value has changed back to 0

BurFlags value reset


You should also check the “File Replication Service” event log. Check whether event ID 13565 has appeared. It means the server has initiated SYSVOL replication and you need to wait a while. Refresh the event log from time to time and check whether these event IDs have appeared:

  • 13553
  • 13516

When you can see them, SYSVOL replication is over and your Domain Controller is up to date.

SYSVOL re-initialized


Verify that the SYSVOL share is available on your Domain Controller. Type in the command line

net share

SYSVOL share verification

Go to %WINDIR%\SYSVOL\domain\Policies and check that the data has been replicated

SYSVOL content verification


That’s all! All you need to do now is repeat these steps on each Domain Controller which does not replicate the SYSVOL volume.
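
The steps above as one PowerShell script, run on the DC that is out of date. This is an added example, not part of the original article; the 120-minute timeout and 60-second polling interval are assumptions, and it does not empty the Policies and Scripts folders for you.

```powershell
#Requires -RunAsAdministrator
# Added example: non-authoritative FRS SYSVOL restore (BurFlags = D2) on this DC.
# Assumptions, not from the article: 120-minute timeout, 60-second polling.
$subKey  = 'SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup'
$logName = 'File Replication Service'
$timeout = New-TimeSpan -Minutes 120

# "Backup/Restore" contains a forward slash, which the PowerShell registry
# provider (HKLM:\...) treats as a path separator, so use the .NET API instead.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $true)
if ($null -eq $key) { throw "Registry key not found: HKLM\$subKey" }

$started = Get-Date
Stop-Service -Name NtFrs -Force
try {
    $key.SetValue('BurFlags', 0xD2, [Microsoft.Win32.RegistryValueKind]::DWord)
}
finally {
    Start-Service -Name NtFrs   # restart FRS even if the registry write failed
}

# 13565 = restore initiated; 13553 and 13516 = SYSVOL replication finished.
$wanted = 13565, 13553, 13516
$seen   = @()
do {
    Start-Sleep -Seconds 60
    # Get-WinEvent reports an error while nothing matches yet, so silence it.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = $logName; Id = $wanted; StartTime = $started
    } -ErrorAction SilentlyContinue
    $seen = @(foreach ($e in $events) { $e.Id }) | Sort-Object -Unique
    Write-Host ("{0:HH:mm:ss}  event IDs seen: {1}" -f (Get-Date), ($seen -join ', '))
    $done = ($seen -contains 13553) -and ($seen -contains 13516)
} until ($done -or ((Get-Date) - $started) -gt $timeout)

[pscustomobject]@{
    Completed    = $done
    EventIdsSeen = $seen -join ', '
    BurFlags     = $key.GetValue('BurFlags')   # FRS resets it to 0 once processed
    SysvolShared = [bool](net share | Select-String -SimpleMatch 'SYSVOL')
}
$key.Close()
```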



Author: Krzysztof Pytko


22 responses to “Non-authoritative SYSVOL restore (FRS)”

  1. leonardo says :

    Great info, thanks for sharing

  2. Leo says :

    Thank you for the great article! I wanted to note that “wait a while” after Event 13565 meant about 75 minutes for our domain. I was starting to think something was wrong but that’s how long it took for the SYSVOL folder to replicate from the good DC to the bad DC.

    • kpytko says :

      You’re welcome 🙂 I’m glad it could help you.
      Yes, of course, in complex environment and where SYSVOL contains a lot of data, that might take some longer time 🙂

      Finally, it was replicated and I hope everything is working fine, now

      Thank you for reading my blog.


  3. Tomasz says :

    Awesome post saved me tons of time 🙂 I was pulling my hair out to try resolve issue with inconsistent sysvol on ours controllers with various scripts, programs ntdsutil, repadmin, frsdiag without any luck. This is nice and effective solution and does not require visit in server room or restart computers 🙂

    P.S. Thanks once again, Krzysiek 🙂

  4. Joselo Flores says :

    Your article is very helpful, I applied it step by step and it worked.
    Now my environment is fine again

    Thank you very much

  5. freng says :

    Great! It works!

  6. janus barinan says :


    Our PDC Emulator has lesser GPOs compared to other DCs. There are other DCs that are lesser too. Is it okay to do a restore of sysvol on the PDC Emulator?

    Hoping for a reply.


  7. MDR says :

    My scenario has 2 domain controllers:
    – DC1 (has the 5 fsmo roles) and shows ERROR EVENT 13568, NTFRS – JRLN_WRAP_ERROR. This DC does not update the GPOs
    – DC2 shows WARNING EVENT 13508, NTFRS

    In this case, what do you recommend? Move the FSMO roles to DC2 and made a non-authoritative restore in DC1?

    Or, made an authoritative restore D4 in DC2 and D2 in DC1 servers?

    Thanks a lot.

  8. Kyle says :

    Nice article. This saved me.

  9. Lendawg says :

    Thanks for this! I had been reading dozens of articles on technet and various places about an issue with our Sysvol folder and this was by far the most clear to me.

    Thanks for putting your time and effort into this so that we may benefit from your suffering… I mean experience. 🙂


  10. Craig says :

    Great article

  11. ubu_fan says :

    Thank you very much for this information. I managed to fix my SYSVOL issues by simply following the steps of your post (blog).

    I must say the steps are well written and carefully explained in details for the average IT Guy and it leaves no doubt that the person who is posting/writing has great knowledge on what they are doing.

    Thanks Again!

  12. semiu says :

    What if netlogon and sysvol are not shared?

    When I run command ‘net share’ it shows nothing,
    so what can I do?



  13. Diego says :

    Thank you for taking the time to do this. I can see more than HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameter\SysVol

    I can’t see Backup/Restore\Process at Startup. Do you have any idea why?

  14. Marcos Q says :

    Hi people, this procedure works with DFSR Service? Or it’s only for FSR (old replication service method)? I have DFSR running on all my servers and I need to know if this is applicable.

    Thank you in advance,


  15. luke_nct says :

    Thanks for this article. I did this on our Windows Server 2012 R2 domain. When I did this, it didn’t replicate quickly. It’s a single site environment so it shouldn’t have been a ton of AD information. I rebooted the target server after I got the two event IDs you described. On sign-in, I noticed that my group policy mapped drives finally applied (GREAT SIGN!!) then saw that the sysvol had finally replicated.

    I just about had a heart attack when I did net share and saw absolutely NO SYSVOL. Going to the local folder gave me more heart attacks when I saw inside the domain folder was an item that pretty much said to “check event logs”. After the reboot it cleared itself out and replicated. I compared both DC’s to one another. Everything is running good as new. Thanks again for your guide. You saved my ass.

    • luke_nct says :

      Also as an add-on, last week I upgraded the domain functional level to 2012R2 from a functional level of 2003. I don’t believe this caused the initial issue as I had symptoms of bad replication long before this functional level upgrade. Now everything makes so much more sense.

      Once again, thanks.

  16. Deepender Singh says :

    Thanks for solution. I was explored number of sites for client not responding to WSUS server. This article is very helpful for such. the solution provided in this article works 100% for me.

    Thanks again!!

