Relocating SYSVOL Manually

  • Article

Applies To: Windows Server 2008, Windows Server 2008 R2

If you want to move all folders in the SYSVOL directory, you can relocate these folders manually. You must carefully copy all folders and retain the same level of security at the new location.

Warning

The recommended method for relocating SYSVOL is to remove Active Directory Domain Services (AD DS) and then reinstall AD DS with the new SYSVOL path. Because of the potential for error, we do not recommend relocating SYSVOL manually.

If you choose to move SYSVOL manually, you first copy the entire folder structure to a new location; then, you update the SYSVOL junction point and the parameters that are stored in the registry and in AD DS. As an option, you can relocate the staging areas subdirectory only. For information about relocating the staging areas subdirectory, see Relocating the SYSVOL Staging Area.

Important

Before you relocate all or part of SYSVOL, be sure to inform domain administrators that you are doing so and that they should not make any changes in the SYSVOL directory until the move is complete.

Relocating SYSVOL can alter security settings if you do not use a copy method that retains file ownership and access control list (ACL) settings. The copy method that is described in this procedure retains security settings. After you move the SYSVOL tree, verify that the security settings on the relocated SYSVOL folders match the settings on the original SYSVOL folder structure. As an alternative, you can reapply security settings on the moved SYSVOL.

When you have completed SYSVOL relocation, force replication from the updated domain controller to a replication partner in the domain.

Task requirements

The following tools are required to perform the procedures for this task:

  • Active Directory Sites and Services

  • Net.exe

  • Dcdiag.exe

  • Event Viewer

  • ADSI Edit

  • Regedit.exe

  • Dir.exe

  • Windows Explorer

  • Robocopy.exe

    To prevent conflicts, use the updated version of Robocopy available in Microsoft Knowledge Base article 979808.

  • Mklink.exe

  • If you choose to reapply security settings manually, the following additional tools are required:

    • Notepad.exe

    • Secedit.exe

To complete this task, perform the following procedures:

  1. Identify Replication Partners

  2. Check the Status of the SYSVOL and Netlogon Shares

  3. Verify Active Directory Replication

  4. Gather the SYSVOL Path Information

  5. Stop the DFS Replication Service and Netlogon Service

  6. Change the SYSVOL Netlogon Parameters

  7. Copy SYSVOL to a New Location

  8. Create the SYSVOL Root and Staging Areas Junction Point

  9. Change the SYSVOL Root Path or Staging Areas Path, or Both

  10. Reapply Default SYSVOL Security Settings

    You can use this procedure if you want to reapply the default security settings to the SYSVOL directory. However, if you use the Robocopy command that is specified in Copy SYSVOL to a New Location, file ownership and access control list (ACL) settings are retained on the copied SYSVOL folders and files, and reapplying security settings is not required.

  11. Start the DFS Replication Service and Netlogon Service

  12. Verify SYSVOL is shared in the new location

  13. Force Replication Between Domain Controllers

After all these steps are complete and you verify replication succeeds, delete the original location of SYSVOL so only the new SYSVOL folder exists on the domain controller. By default, administrators are denied from deleting SYSVOL. You need to grant full control on all files, folders, and subfolders before you can complete the deletion.