5

I recently took over a Windows domain environment and found AD in poor health.

I managed to fix most of the issues; BPA shows no errors, and everything seems to be working well.

Sysvol is replicating over DFSR and there are no problems there. The domain is replicating just fine. `repadmin /replsum` shows no errors.

The only issue I have left is that NETLOGON folder is missing. Scripts Folder is also missing from sysvol. We have two domain controllers and NETLOGON + scripts folder missing from both of them. These are the only 2 domain controllers we have.

The following is the error I get in both DCs.

Image: //static.spiceworks.com/shared/post/0024/1208/Capture.jpg

I followed this KB and nothing works. https://support.microsoft.com/en-us/help/2218556/how-to-force-an-authoritative-and-non-authoritative...

At this point I have run out of things to try. Does anyone have any ideas?

EDIT: Include output of dir c:\Windows\SYSVOL_DFSR\sysvol

enter image description here

Output of net share

enter image description here

Guille
  • Include the output of: `dir C:\Windows\SYSVOL\sysvol` (or C:\Windows\SYSVOL_DFSR\sysvol if the domain was upgraded from 2003). – Greg Askew Apr 16 '17 at 16:08
  • @GregAskew I edited the question with the output of `dir: c:\windows\Sysvol_DFSR\Sysvol`. Remember I said I was using DFSR for sysvol replication. – Guille Apr 16 '17 at 16:16
  • Please post the output of the command `net share` from your DC's. – joeqwerty Apr 16 '17 at 16:33
  • Obviously the NETLOGON share will not be enabled if the scripts directory is missing. Have you tried re-creating the C:\Windows\SYSVOL_DFSR\sysvol\\SCRIPTS directory and restarting the netlogon service? – Greg Askew Apr 16 '17 at 16:34
  • @joeqwerty I posted the output in the question as an edit. – Guille Apr 16 '17 at 16:37
  • @GregAskew Thank you for replying back. I was wondering whether I should recreate it manually or not. Is it a good idea to do that? What permissions should I give it? – Guille Apr 16 '17 at 16:38
  • 1
    If you don't re-create the folder, the NETLOGON share will not exist and the DC's will not function properly. There aren't any special permissions to assign. Alternatively, you could restore it from backup. – Greg Askew Apr 16 '17 at 16:39
  • @GregAskew You are a lifesaver. I've been researching all around and I couldn't find anything that recommended creating the folder manually. I did it and restarted netlogon and dcdiag now shows no errors. – Guille Apr 16 '17 at 16:43

5 Answers

6

Re-create the C:\Windows\SYSVOL_DFSR\sysvol\\SCRIPTS directory.

Greg Askew
5

Thanks to @GregAskew I was able to solve the issue. Who would have thought that this would be something so simple.

All I did was manually create the scripts inside the C:\Windows\SYSVOL_DFSR\sysvol\<domain name>\. Didn't need to give it any permission. After that I restarted the netlogon service with `net stop netlogon && net start netlogon` and netlogon got shared automatically.

Guille
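The check-and-repair sequence from the answer above, written as a PowerShell script. This is an added example, not code from the original posts. It assumes an elevated session on the affected domain controller and that the `SysVol` value under Netlogon's registry parameters points at the SYSVOL share root.

```powershell
# Added example: run elevated on the affected domain controller.
# Assumption: Netlogon's Parameters key holds the SYSVOL share root in "SysVol"
# (e.g. C:\Windows\SYSVOL_DFSR\sysvol or C:\Windows\SYSVOL\sysvol).
$params  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$domain  = (Get-CimInstance Win32_ComputerSystem).Domain
$domDir  = Join-Path $params.SysVol $domain
$scripts = Join-Path $domDir 'scripts'

"SysvolReady : $($params.SysvolReady)"   # 1 = Netlogon is allowed to publish the shares
"Scripts path: $scripts"

# If the domain folder itself is absent, this is not the missing-scripts case.
if (-not (Test-Path -LiteralPath $domDir)) {
    throw "Domain folder '$domDir' not found; investigate SYSVOL replication first."
}

if (Test-Path -LiteralPath $scripts -PathType Container) {
    'scripts folder already exists; nothing to create.'
} else {
    # No explicit ACL is set here: the new folder inherits from its parent.
    New-Item -ItemType Directory -Path $scripts | Out-Null
    Restart-Service -Name Netlogon
    Start-Sleep -Seconds 5               # give Netlogon a moment to publish the share
}

# Verify that the share exists and points at the scripts folder.
$share = Get-SmbShare -Name NETLOGON -ErrorAction SilentlyContinue
if ($share) {
    "NETLOGON is shared from $($share.Path)"
} else {
    Write-Warning 'NETLOGON is still not shared; check SysvolReady and the Netlogon event log.'
}

# Same health check the thread uses to confirm the fix.
dcdiag /test:netlogons
```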
1

Similar issue on 2016 AD checked C:\Windows\SYSVOL\domain and missing 'scripts'.

Recreated the folder and restarted the NETLOGON service which created the SHARE.

Prior to completing this easy task I followed this article http://www.careexchange.in/sysvol-and-netlogon-share-is-missing-in-newly-built-domain-controllers-2008r22012r2/

Adi
0

Creating the SCRIPTS folder inside C:\Windows\SYSVOL_DFSR\sysvol\<domain name>\ and then restarting the service works great; error 67 is gone from dcdiag.

I'm working in a domain with Windows Server 2012R2 and a Windows Server 2019.

Dave M
0

My scenario: New DC, so we have DC1 and now DC2. DC2 was unable to work solo without DC1. Noted netlogon / sysvol shares missing.

Tried everything including Microsoft bulletin and nothing works.

My new Domain Controller was unable to work solo. No DNS problems and errors pointing what was wrong.

What did the trick for me was creating a backup and then a system restore.

In order to do that, restart the server pressing F8 after the BIOS screen and from Advanced Boot Options select "Directory Services Repair Mode".

Using the password asked when active directory was implemented we can select the "System State" option.

On the next screen, check the box "perform an authoritative restore of active directory files".

Windows will recreate the shares and fix this bizarre situation.

Hope it helps someone in the same situation.

Abilio