The Current State of SYSVOL Replication
So what is SYSVOL, how does it replicate, and why should your bank or credit union care? SYSVOL is the set of data replicated between domain controllers that contains both the files necessary to run Group Policy as well as any logon scripts used to map drives, configure printers, etc. Abbreviated as DC, a domain controller is a server on a Microsoft Windows or Windows NT network that is responsible for allowing host access to Windows domain resources. The domain controllers in your network are the centerpiece of your Active Directory service. It stores user account information, authenticates users and enforces security policy for a Windows domain – from Webopedia. For all logon scripts and Group Policy Objects to work properly, it is essential that SYSVOL be copied accurately and promptly throughout the domain. To perform this copy process, the File Replication Service (FRS) was established in Windows Server 2003. FRS was deprecated in Server 2008 R2 but is still widely used. As its replacement, Microsoft introduced Distributed File System Replication, or DFSR. Since DFSR is multitudes better than FRS, Microsoft has pushed domains forward by no longer even allowing the setup of FRS on new domains. However, any domain that has ever had a Server 2003 domain controller must be updated.
The Risks and Downsides of FRS
Before even looking at the benefits of DFSR, there are a multitude of reasons to switch just to avoid FRS. To start, FRS has been deprecated so that it receives no bug or security fixes. This means there have been no updates to this system in more than eight years. Second, FRS always copies the entire set of data, not just changes, so it causes significantly more traffic across the WAN when changes are made. Additionally, FRS has no self-repair system to resolve issues like database corruption or morphed folders. This means engineers have to respond more often to alerts to repair this system.
The Top 4 Improvements and Upsides of Using DFSR
- Contrary to FRS, DFSR is a fully supported replication system. It can replicate partial files, scale to a greater number of connections, and has mechanisms to help support slow and unstable networks.
- Unlike FRS, DFSR does not wait for a fixed interval to replicate, but is always running immediate and continuous replication.
- From a reporting standpoint, DFSR has built-in health status reports that list out any potential issue. This is especially important for the ability to quickly respond and resolve issues.
- DFSR contains many self-healing mechanisms to prevent errors in the first place. This leads to a system that is more manageable, has higher performance, is more reliable and allows for greater scale.
The Bottom Line
The need to update to DFSR is present in almost every domain. Push to complete this process as soon as possible for all the benefits available. This migration will correct any health issues in the Group Policy system, and it only takes around three hours of total time to complete. Click here to find out more about Safe Systems’ Network Monitoring and Management Services. For related information on migrating SYSVOL to DFSR, click here.