I recently encountered a peculiar situation with one of our Domain Controllers (DCs). Normally, we set SysVol on a separate data drive (D:), but it turns out that one DC flagged for having outdated Group Policy Objects (GPOs) is showing SysVol replicated in the default C:\Windows\SYSVOL location. However, the actual active share is on the D: drive. I'm considering pushing for a demotion and a fresh build of this DC to ensure everything is set up correctly. But if that plan gets shot down, I'm uncertain of how to get it replicating to the preferred D: drive location without resorting to starting over. Any insights or experiences with this sort of issue?
5 Answers
Having SysVol and NTDS on separate volumes is generally better for performance, mainly because of write caching benefits. So it's a good setup to aim for! Not sure what went wrong during the build in your case, though.
For Azure DCs, the recommendation is to create a separate virtual disk for the database, logs, and SysVol folder. Don't mix these up with the OS disk. Make sure to adjust caching settings on the data disk as necessary to avoid conflicts with Active Directory's requirements.
I haven't run into this exact issue before, but it seems possible to adjust things using registry edits and some direct directory tweaks with tools like ldp. There’s a guide from Microsoft that details how to relocate the SysVol tree for replication. That said, I really wouldn’t recommend it—it sounds risky. I'd stick with the demote and rebuild approach like you were thinking.
Thanks for the link! I'm definitely leaning towards the demote and rebuild since it feels safer than experimenting with potential risks.
Honestly, I think DCs are designed for quick deletions and recreations rather than getting bogged down with fixes. Each time I've had to troubleshoot, I've found that just deleting and recreating the DC is way quicker and more effective, especially if you've got deployment templates ready.
Exactly! It just seems like a lot of unnecessary effort to fix this when starting fresh might be simpler.
A few years back, we had a contractor suggest this layout, and we opted against it after doing some research. No idea why he thought it was needed. Seems unnecessary.
Interesting! I suppose keeping the OS separate from NTDS does have its advantages, especially for larger setups.
Yeah, that’s the preferred setup for us too. Just baffled by how this one ended up this way!