DC Promotion fails ‘FRS is Depreciated’

KB ID 0001579

Problem

Error seen when attempting to add a new domain controller to an existing domain;

Verification or replica failed

Verification of replica failed. The specified domain {Domain-Name} is still using the File Replication Service (FRS) to replicate the SYSVOL share. FRS is depreciated.

The server being promoted does not support FRS and cannot be promoted as a replica into the specified domain.

You MUST migrate the specified domain to use DFS Replication using the DFSRMIG command before continuing.

Solution

Before proceeding you MUST ensure all your existing domain controllers are AT LEAST Windows Server 2008. Your domain and forest functional levels should be at Windows Server 2008 (AL LEAST). It would also be a good move, to make sure all your DCs are replicating cleanly.

You need to go to one of your legacy (existing) domain controllers, and carry out the following PowerShell procedure. 

First make sure that no one’s messed about with this before, issue the following command and make sure the migration process has not been previously started;

dfsrmig /getglobalstate

DFSR Migration

Start the process.

dfsrmig /setglobalstate 1

DFSRMIG State 1 prepared

It can take a while, (even if you only have one Domain Controller!) Keep checking the status, with the command ‘dfsrmig /getmigrationstate’ until it says all the domain controllers have migrated to global state ‘Prepared‘.

DFSRMIG Prepared Completed

Change the process to state 2 (Redirected).

dfsrmig /setglobalstate 2

DFSRMIG State 2 Redirected

This typically completes a bit faster than the first state. Keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Redirected‘.

DFSRMIG Redirected Completed

Change the process to state 3 (Eliminated).

dfsrmig /setglobalstate 3

DFSRMIG State 3 Eliminated

As before, keep checking the status, with the command you originally used, until it says all the domain controllers have migrated to global state ‘Suceeded‘.

DFSRMIG Eliminated Completed

On the ‘Old‘ domain controllers, you need to disable the NTFRS service and stop it.

Set-Service ntfrs -StartupType Disabled
Stop-Service ntfrs

PowerShell Stop and Disable a Windows Service

Now attempt to promote your new domain controller again.

Related Articles, References, Credits, or External Links

NA

Author: PeteLong

Share This Post On

18 Comments

    • If you have no DCs that require it still running, then theres not need to leave it running.

      P

      Post a Reply
      • I can also confirm during the final stage (setglobalstate 3) once replicated this service is automatically stopped and disabled

        Post a Reply
  1. Pete, when migrating domain services from FRS to DFS, the SYSVOL folder gets deleted correct? That means any clients that were still launching scripts from the SYSVOL folder such as mapped drive scripts need to migrate to mapping network drives in group policy before migrating to DFS correct?

    Post a Reply
    • Not that I’m aware of? All the legacy GPOs and login scripts are in there, why do you think it would be deleted?

      Post a Reply
      • Pete/Ryan

        I have just been through this process using this guide. During the process, SYSVOL is redirected to a new folder SYSVOL_DFSR in the Windows folder.

        This is used as a staging area until the migration is complete. You can see this by using the NET SHARE command during the process.

        Following migration this is tidied up. Its a simple process and thanks Pete for the article.

        Post a Reply
  2. Can a single label domain be reconfigured to use DFS instead of FRS or this is not supported on a single labeled domain?

    Post a Reply
    • Wow that’s a good question, I don’t think I’ve ever seen an SLD? So I honestly don’t know, I’d P2V the domain controllers and test it in sandbox to be on the safe side.

      P

      Post a Reply
  3. Can I do this live during the day?
    Will it interrupt anything

    Post a Reply
    • I certainly did, (in this example,) and no one complained, temporarily the sysvol will go offline, but worse case scenario is some event ID errors will get logged on your clients.

      Post a Reply
      • I would assume you did some kind of back up first?

        Post a Reply
        • Hi Andrew, I’d like to think you are backing up your DCs anyway?

          Post a Reply
  4. I’m getting the above error while adding a 2019 Server. But we’re already DFS, so I’m not sure where the problem is. Confirmed DC’s levels are 2008 at least.

    Post a Reply
  5. Hello,

    There are two typos above:

    To get the state of the migration it says: “Keep checking the status, with the command you originally used”. Well, in fact the command is: “dfsrmig /getmigrationstate” as can be seen in the captures that wasn’t used up to that step.

    “Change the process to state 2 (Eliminated).” should be “Change the process to state 3 (Eliminated).”

    Thanks for your guides!

    Post a Reply
    • Thanks for the feedback!

      P

      Post a Reply
  6. The ntfrs service was automatically stopped and disabled for me as well. Thank you for the excellent write-up! Very helpful.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *