Article ID: 972105 - View products that this article applies to.
In Windows Server 2008 or in Windows Server 2008 R2, you perform a Distributed File System Replication (DFSR) migration of the SYSVOL share. When the migration reaches the Redirected state, you may find that all files are conflicted on all domain controllers except the PDC Emulator (PDCE).
If you examine the DFS Replication event log on any non-PDCE, you will find the following event:
Log Name: DFS Replication
If you examine the following folder, you will find the copies of the conflicted files:
%Systemroot%\Sysvol_dfsr\Sysvol\Dfsrprivate\ConflictanddeletedEven if there are no 4412 events or conflicts, you find that all files in the SYSVOL share are being replicated when they are outgoing from the PDCE when domain controllers enter the Redirected state.
This problem occurs because the ROBOCOPY process that is used during the SYSVOL migration from the Prepared state to the Redirected state incorrectly sets a NULL System Access Control List (SACL) that propagates to all files. This changes the SHA-1 file hash that is used by DFSR for file comparison between servers and then leads to the conflicts.
Typically, the conflict events occur when you run the DFSRMIG.EXE /SETGLOBALSTATE 2 command without first running the DFSRMIG.EXE /SETGLOBALSTATE 1 command.
However, the conflict events may occur when you use the following typical steps:
DFSRMIG.EXE /SETGLOBALSTATE 1
DFSRMIG.EXE /SETGLOBALSTATE 2
The unnecessary replication of files, without conflict events, always occurs when the migration reaches the Redirected state.
To avoid conflict events or the unnecessary replication of files during the migration process, install an updated version of ROBOCOPY.EXE on all domain controllers. To do this, click one of the following article numbers to view the article in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/979808/ )"Robocopy /B" does not copy the security information such as ACL in Windows 7 and in Windows Server 2008 R2
(https://support.microsoft.com/kb/973776/ )The security configuration information, such as the ACL, is not copied if a backup operator uses the Robocopy.exe utility together with the /B option to copy a file on a computer that is running Windows Vista or Windows Server 2008
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Robocopy.exe is used by the DFSR migration process for local SYSVOL seeding on individual domain controllers during the Prepared phase and on the PDC Emulator during the Redirected phase.
For more information about SYSVOL Replication migration, visit the following Microsoft website:
Article ID: 972105 - Last Review: January 17, 2011 - Revision: 5.0