For domains with many policies and domain controllers with slow wide area network (WAN) lines, replicating the SYSVOL share can take a long time. This is most noticeable when you promote a new domain controller at a location with slow connectivity or when you run a non-authoritative restore of SYSVOL. To speed up the process, reduce the number of files and amount of data that must be replicated in the SYSVOL share.
Because Administrative Templates (that is, .adm files) take up the most space in policies, remove them to significantly reduce the size of SYSVOL. For example, with the default Administrative Templates, each policy takes up 870 kilobytes (KB) of disk space. If you have 1,300 policies, you can reduce the size of SYSVOL from 1,100 megabytes (MB) to 35 MB (or 27 KB per policy).
You can use Group Policy settings to change the behavior of Group Policy Editor regarding .adm files in Microsoft Windows Server 2003. For more information, see the following article in the Microsoft Knowledge Base:
Recommendations for managing Group Policy administrative template (.adm) files
Only the computer that you target with Group Policy Object Editor has to have the Administrative Templates. By default, this is the Primary Domain Controller (PDC) emulator.
An easy way to remove Administrative Templates if you have not added any special or custom ones is to search in Explorer on the PDC emulator for *.adm files. Sort the results by name, and then delete all the Administrative Template folders. After you make these changes, wait until the replication process has successfully replicated the changes to the other domain controllers. To complete the process, set the filter for Administrative Templates.
If you have custom Administrative Templates, copy these to a different directory structure. For best results, use the Robust File Copy utility (Robocopy.exe) from the Resource Kit. The command syntax is:
robocopy PDC_sysvol backup_directory *.adm /s /mov
An example of the command to copy custom Administrative Templates to a different directory structure is the following:
robocopy \\mydom-pdc\sysvol\mydom.com\policies c:\sysvol-adm-backup\ *.adm /s /mov
After you remove the Administrative Templates, you can specify a file filter in the FRS object for the replica set so that .adm files are no longer replicated. For best results, use Adsiedit.msc from the Support Tools. The attribute is fRSFileFilter. By default, its content is "*.tmp, *.bak, ~*".
To edit this attribute:
- In ADSIEDIT, locate the following object:
CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=your_domain
- In the properties for the object, click fRSFileFilter in Select a property to view.
The value appears in the Value line.
- Click Clear to bring the attribute to the Edit Attribute line.
- Change this line to *.tmp, *.bak, *.adm, ~*.
- Click Set.
- Click OK.
You can then use the Robust File Copy utility to copy the Administrative Template folders back to the GUID folders if you want. The command syntax is:
robocopy backup_directory PDC_sysvol /s
An example of the command to copy the Administrative Template folders back to the GUID folders is the following:
robocopy c:\sysvol-adm-backup\ \\mydom-pdc\sysvol\mydom.com\policies /s
Technically, if you do not have any custom Administrative Templates, you do not have to add the Administrative Template folders back to the PDC emulator. The folders will be automatically regenerated by using the local Administrative Templates whenever someone edits the Group Policy object (GPO).
If you move the PDC emulator role, you may also want to move the Administrative Templates. For best results, use the Robust File Copy utility. The command syntax is:
robocopy old_PDC_SYSVOL PDC_SYSVOL *.adm /s /mov
An example of the command to move the Administrative Templates is the following:
robocopy \\mydom-pdc\sysvol\mydom.com\policies \\mydom-res-pdc\sysvol\mydom.com\policies *.adm /s /mov
If you have custom Administrative Templates, make sure they have unique file names across policies. You can then distribute these Administrative Templates to all the computers that run Group Policy Object Editor. Copy the Administrative Template files to the NT
Unless you have specific Administrative Template requirements (for example, you use certain Administrative Templates only for certain policies), a good idea is to combine these approaches to have a complete set of Administrative Templates for editing a GPO.
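As an added example (not part of the original article), the following read-only PowerShell script reports how much of the Policies folder is .adm data, lists non-default templates that should be backed up before removal, flags custom template names whose content differs across policies, and checks whether fRSFileFilter already excludes *.adm. The sample path, the list of default template names, and the use of PowerShell 4.0 or later are assumptions.

```powershell
# Added example: read-only inventory of .adm files in SYSVOL. Nothing is deleted.
param(
    # Assumption: sample path from the article; replace with your own domain.
    [string]$PoliciesPath = '\\mydom-pdc\sysvol\mydom.com\policies',
    # Assumption: names of the default Windows Server 2003 templates.
    [string[]]$DefaultAdm = @('conf.adm','inetres.adm','system.adm','wmplayer.adm','wuau.adm')
)

$root  = (Get-Item -LiteralPath $PoliciesPath).FullName.TrimEnd('\')
$files = @(Get-ChildItem -LiteralPath $root -Recurse -File)
# Match the extension exactly; a -Filter *.adm wildcard can also match
# longer extensions through 8.3 short names.
$adm   = @($files | Where-Object { $_.Extension -ieq '.adm' })

# Size of .adm data per policy GUID folder (first path component under Policies).
$perPolicy = $adm |
    Group-Object { $_.FullName.Substring($root.Length + 1).Split('\')[0] } |
    ForEach-Object {
        [pscustomobject]@{
            Policy = $_.Name
            AdmKB  = [math]::Round(($_.Group | Measure-Object Length -Sum).Sum / 1KB)
        }
    }

# Templates that are not in the default set must be backed up before removal.
$custom = @($adm | Where-Object { $DefaultAdm -notcontains $_.Name })

# Custom templates that share a file name but differ in content across policies.
$collisions = @($custom | Group-Object Name | Where-Object {
    @($_.Group | Get-FileHash -Algorithm SHA256 |
        Select-Object -ExpandProperty Hash -Unique).Count -gt 1
})

# Read fRSFileFilter from the SYSVOL replica set object named in the article.
$domainDn = [string]([ADSI]'LDAP://RootDSE').defaultNamingContext
$frs = [ADSI]"LDAP://CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDn"
$filter = [string]$frs.fRSFileFilter
$admFiltered = ($filter -split ',' | ForEach-Object { $_.Trim() }) -contains '*.adm'

[pscustomobject]@{
    TotalMB          = [math]::Round(($files | Measure-Object Length -Sum).Sum / 1MB, 1)
    AdmMB            = [math]::Round(($adm   | Measure-Object Length -Sum).Sum / 1MB, 1)
    Policies         = @($perPolicy).Count
    CustomTemplates  = ($custom.Name | Sort-Object -Unique) -join ', '
    NameCollisions   = ($collisions.Name) -join ', '
    FrsFileFilter    = $filter
    AdmExcludedByFrs = $admFiltered
}
$perPolicy | Sort-Object AdmKB -Descending | Select-Object -First 10
```

Run it from a domain-joined workstation before deleting anything, and again after replication completes to confirm that AdmMB has dropped and AdmExcludedByFrs is True.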