I'm not super active here, so apologies if this comes off as spam. We've got a domain controller (DC) on Server 2016 and just added a new one on Server 2025. Replication seems fine, and we're prepping to transfer FSMO roles, but I'm running into a snag. The Netlogon and Sysvol shares are missing when I check with 'net share'. After some digging, it appears the old and new DCs aren't communicating on the required DFSR ports. I initially thought firewall rules would solve it, but it turns out the previous admin locked the old DC's network profile to public, which I can't change due to persistent error messages. I even tried creating the shares manually, but as soon as the Netlogon service starts, those shares are wiped. So I'm wondering if I should invest time fixing this issue or just move the domain to a cloud-based system. I'd prefer to keep it on-prem if possible, but I'm concerned it might be more trouble than it's worth. Any thoughts?
1 Answer
Could be that your old 2016 DC is tombstoned for replication, especially if it didn’t have another partner. Try restarting the DFS Replication service on the old DC and check the event logs for errors. You can find them under Applications and Services Logs > Microsoft > DFS Replication. If you find issues, I can help you out with the fix!
If you need to do an authoritative restore, start by backing up the C:windowssysvol folder, then follow this link for a step-by-step guide: https://youtu.be/cuMm4q0nnsY.